Total
6250 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1003008 | 1 Jenkins | 1 Warnings Next Generation | 2024-09-17 | N/A |
| A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | ||||
| CVE-2012-6629 | 1 Xyzscripts | 1 Newsletter Manager | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2013-2762 | 1 Schneider-electric | 1 Magelis Xbt Hmi | 2024-09-17 | N/A |
| The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | ||||
| CVE-2012-4391 | 1 Owncloud | 1 Owncloud | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. | ||||
| CVE-2018-1514 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-09-17 | N/A |
| IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. | ||||
| CVE-2015-6966 | 1 Nibbleblog | 1 Nibbleblog | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php. | ||||
| CVE-2017-9673 | 1 Simplece | 1 Simplece | 2024-09-17 | N/A |
| In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. | ||||
| CVE-2013-3479 | 2 Sharethis, Wordpress | 2 Sharethis, Wordpress | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings. | ||||
| CVE-2018-12413 | 1 Tibco | 1 Messaging - Apache Kafka Distribution - Schema Repository | 2024-09-17 | N/A |
| The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0. | ||||
| CVE-2012-1235 | 1 Advantech | 1 Advantech Webaccess | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | ||||
| CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-09-17 | N/A |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | ||||
| CVE-2018-5073 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-09-17 | N/A |
| Online Ticket Booking has CSRF via admin/movieedit.php. | ||||
| CVE-2018-11679 | 1 Cmseasy | 1 Cmseasy | 2024-09-17 | N/A |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | ||||
| CVE-2020-4301 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 6.5 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. | ||||
| CVE-2018-15438 | 1 Cisco | 1 Prime Collaboration Assurance | 2024-09-17 | N/A |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser to perform arbitrary actions with the privileges of the user on an affected system. | ||||
| CVE-2022-38470 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2024-09-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | ||||
| CVE-2022-44627 | 1 Coleds | 1 Simple Seo | 2024-09-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. | ||||
| CVE-2020-4764 | 3 Ibm, Linux, Microsoft | 3 Planning Analytics, Linux Kernel, Windows | 2024-09-17 | 6.5 Medium |
| IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. | ||||
| CVE-2017-17939 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2024-09-17 | N/A |
| PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | ||||
| CVE-2013-6826 | 1 Fortinet | 7 Fortianalyzer-1000d, Fortianalyzer-2000b, Fortianalyzer-200d and 4 more | 2024-09-16 | N/A |
| cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. | ||||