| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. |
| The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. |
| In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. |
| CFME: CSRF protection vulnerability via permissive check of the referrer header |
| katello-headpin is vulnerable to CSRF in REST API |
| The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. |
| Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. |
| D-Link DIR-100 4.03B07: cli.cgi CSRF |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. |
| Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. |
| Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. |
| TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. |
| PrestaShop before 1.4.11 allows logout CSRF. |
| SPBAS Business Automation Software 2012 has CSRF. |
| Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type. |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. |