Total
6253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4237 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-09-16 | 8.8 High |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410. | ||||
| CVE-2009-4787 | 1 Pligg | 1 Pligg Cms | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | ||||
| CVE-2018-8925 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | ||||
| CVE-2017-8930 | 1 Simpleinvoices | 1 Simple Invoices | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. | ||||
| CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2024-09-16 | N/A |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. | ||||
| CVE-2018-0444 | 1 Cisco | 1 Packaged Contact Center Enterprise | 2024-09-16 | N/A |
| A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | ||||
| CVE-2011-4298 | 1 Moodle | 1 Moodle | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. | ||||
| CVE-2018-13010 | 1 Wstmall | 1 Wstmall | 2024-09-16 | N/A |
| WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | ||||
| CVE-2017-1442 | 1 Ibm | 1 Emptoris Services Procurement | 2024-09-16 | N/A |
| IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107. | ||||
| CVE-2009-4517 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. | ||||
| CVE-2019-7402 | 1 Phpmywind | 1 Phpmywind | 2024-09-16 | N/A |
| An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | ||||
| CVE-2022-36798 | 1 Topdigitaltrends | 1 Mega Addons For Wpbakery Page Builder | 2024-09-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress. | ||||
| CVE-2013-7352 | 1 B2evolution | 1 B2evolution | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945. | ||||
| CVE-2010-3883 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications. | ||||
| CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-09-16 | 8.8 High |
| Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2014-9101 | 2 Oxwall, Skalfa | 2 Oxwall, Skadate Lite | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames. | ||||
| CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2024-09-16 | 6.1 Medium |
| Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | ||||
| CVE-2011-1905 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. | ||||
| CVE-2013-3450 | 1 Cisco | 1 Unified Communications Manager | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. | ||||
| CVE-2018-1000600 | 1 Jenkins | 1 Github | 2024-09-16 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||