Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17960 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2024-09-17 | N/A |
| PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | ||||
| CVE-2019-1797 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-09-17 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an interface user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the user. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected. | ||||
| CVE-2021-26034 | 1 Joomla | 1 Joomla\! | 2024-09-17 | 6.5 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. | ||||
| CVE-2017-7906 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2024-09-17 | N/A |
| In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user. | ||||
| CVE-2013-7407 | 1 Drupal | 1 Mrbs Module | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-1120 | 1 Cisco | 2 Unity Express, Unity Express Software | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910. | ||||
| CVE-2017-7969 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2024-09-17 | N/A |
| A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | ||||
| CVE-2022-34347 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-09-17 | 4.2 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | ||||
| CVE-2014-9524 | 1 Facebook Like Box Project | 1 Facebook Like Box | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. | ||||
| CVE-2012-2447 | 1 Netsweeper | 1 Netsweeper | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | ||||
| CVE-2018-6288 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-09-17 | N/A |
| Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | ||||
| CVE-2022-36358 | 1 Seoscout | 1 Seo Scout | 2024-09-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. | ||||
| CVE-2012-1897 | 1 Wolfcms | 1 Wolf Cms | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout. | ||||
| CVE-2013-2703 | 2 Crunchify, Wordpress | 2 Facebook Members, Wordpress | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings. | ||||
| CVE-2013-6346 | 1 Novell | 1 Zenworks Configuration Management | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2021-34634 | 1 Sola-newsletters Project | 1 Sola-newsletters | 2024-09-17 | 8.8 High |
| The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23. | ||||
| CVE-2020-12511 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2024-09-17 | 8.8 High |
| Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. | ||||
| CVE-2009-1561 | 1 Cisco | 1 Wrt54gc | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters. | ||||
| CVE-2018-11126 | 1 Doorgets | 1 Doorgets | 2024-09-17 | N/A |
| dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | ||||
| CVE-2012-0997 | 1 11in1 | 1 11in1 | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action. | ||||