Total: 6248 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2018-14582 | 1 Bagesoft | 1 Bagecms | 2024-09-17 | N/A | index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. |
CVE-2022-45071 | 1 Wpml | 1 Wpml | 2024-09-17 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. |
CVE-2018-6391 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-09-17 | N/A | A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. |
CVE-2013-2702 | 2 Thulasidas, Wordpress | 2 Easy-adsense-lite, Wordpress | 2024-09-17 | N/A | Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings. |
CVE-2019-4750 | 1 Ibm | 1 Cloud App Management | 2024-09-17 | 8.8 High | IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 173310. |
CVE-2018-15445 | 1 Cisco | 1 Energy Management Suite Software | 2024-09-17 | N/A | A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. |
CVE-2022-35286 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-09-17 | 8.8 High | IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814. |
CVE-2012-2959 | 1 Bmc | 1 Identity Management Suite | 2024-09-17 | N/A | Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords. |
CVE-2019-12636 | 1 Cisco | 216 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 213 more | 2024-09-17 | 8.8 High | A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device. |
CVE-2017-15735 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-09-17 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. |
CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2024-09-17 | N/A | BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. |
CVE-2020-5397 | 2 Oracle, Vmware | 27 Application Testing Suite, Communications Brm - Elastic Charging Engine, Communications Diameter Signaling Router and 24 more | 2024-09-17 | 5.3 Medium | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. |
CVE-2015-1580 | 1 Redirection Project | 1 Redirection | 2024-09-17 | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php. |
CVE-2018-10127 | 1 Xyhcms Project | 1 Xyhcms | 2024-09-17 | N/A | An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role. |
CVE-2012-3343 | 1 Bloxx | 1 Web Filtering | 2024-09-17 | N/A | Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564. |
CVE-2018-15198 | 1 Onethink | 1 Onethink | 2024-09-17 | N/A | An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. |
CVE-2017-5781 | 1 Hp | 1 Matrix Operating Environment | 2024-09-17 | N/A | A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
CVE-2012-4608 | 1 Emc | 1 Rsa Netwitness Informer | 2024-09-17 | N/A | Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. |
CVE-2022-27855 | 1 Fatcatapps | 1 Analytics Cat | 2024-09-17 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. |
CVE-2022-36373 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2024-09-17 | 5.4 Medium | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. |