Total
6249 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-2965 | 1 Ibm | 1 Sametime | 2024-09-17 | N/A |
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | ||||
CVE-2014-5346 | 1 Disqus | 1 Disqus Comment System | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php. | ||||
CVE-2011-3846 | 1 Hp | 1 System Management Homepage | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | ||||
CVE-2018-14958 | 1 Weaselcms Project | 1 Weaselcms | 2024-09-17 | N/A |
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | ||||
CVE-2008-3938 | 1 Opendb | 1 Opendb | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | ||||
CVE-2012-6134 | 1 Omniauth-oauth2 Project | 1 Omniauth-oauth2 | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state. | ||||
CVE-2022-37411 | 1 Captcha Code Project | 1 Captcha Code | 2024-09-17 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. | ||||
CVE-2007-6752 | 1 Drupal | 1 Drupal | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off." | ||||
CVE-2019-4117 | 1 Ibm | 1 Cloud Private | 2024-09-17 | 8.8 High |
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116. | ||||
CVE-2020-4170 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-09-17 | 4.3 Medium |
IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406. | ||||
CVE-2019-20100 | 1 Atlassian | 3 Jira, Jira Data Center, Jira Server | 2024-09-17 | 4.7 Medium |
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | ||||
CVE-2017-8099 | 1 Browserweb Inc | 1 Whizz | 2024-09-17 | N/A |
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | ||||
CVE-2018-10503 | 1 Baijiacms Project | 1 Baijiacms | 2024-09-17 | 8.8 High |
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser. | ||||
CVE-2018-0785 | 1 Microsoft | 1 Asp.net Core | 2024-09-17 | N/A |
ASP.NET Core 1.0, 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". | ||||
CVE-2017-18042 | 1 Atlassian | 1 Bamboo | 2024-09-17 | N/A |
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2020-29030 | 1 Secomea | 1 Gatemanager Firmware | 2024-09-17 | 8.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. | ||||
CVE-2018-1442 | 1 Ibm | 1 Monitoring | 2024-09-17 | N/A |
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. | ||||
CVE-2013-3605 | 1 Trivantis | 1 Coursemill Learning Management System | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies. | ||||
CVE-2021-34632 | 1 Seo Backlinks Project | 1 Seo Backlinks | 2024-09-17 | 8.8 High |
The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1. | ||||
CVE-2021-36915 | 1 Cozmoslabs | 1 Profile Builder | 2024-09-17 | 4.2 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. |