| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. |
| The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. |
| A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. |
| my little forum 2.4.12 allows CSRF for deletion of users. |
| tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. |
| Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. |
| A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. |
| BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. |
| An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. |
| In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. |
| An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. |
| An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. |
