| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. |
| JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. |
| An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation. |
| wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. |
| Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. |
| Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. |
| An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. |
| An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF. |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. |
| An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. |
| An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. |
| An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter. |
| Engelsystem before commit hash 2e28336 allows CSRF. |
| WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. |
| ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. |
| In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. |
| An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. |
