Total
6253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3420 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506. | ||||
| CVE-2021-34619 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2024-09-16 | 8.8 High |
| The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file. | ||||
| CVE-2018-1002103 | 1 Kubernetes | 1 Minikube | 2024-09-16 | N/A |
| In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. | ||||
| CVE-2014-4717 | 1 Sharethis | 1 Simple Share Buttons Adder | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts. | ||||
| CVE-2010-0638 | 1 K5n | 1 Webcalendar | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2020-4904 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-09-16 | 6.5 Medium |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2018-1000137 | 1 I-librarian | 1 I Librarian | 2024-09-16 | N/A |
| I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. | ||||
| CVE-2020-4773 | 1 Ibm | 1 Curam Social Program Management | 2024-09-16 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151. | ||||
| CVE-2021-42364 | 1 Stetic | 1 Stetic | 2024-09-16 | 8.8 High |
| The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6. | ||||
| CVE-2021-36852 | 1 Thimpress | 1 Wp Hotel Booking | 2024-09-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | ||||
| CVE-2017-7990 | 1 Openmrs | 1 Openmrs Module Reporting | 2024-09-16 | N/A |
| The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. | ||||
| CVE-2021-44777 | 1 Email Tracker Project | 1 Email Tracker | 2024-09-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | ||||
| CVE-2011-3381 | 1 Phorum | 1 Phorum | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2021-34628 | 1 Weblizar | 1 Admin Custom Login | 2024-09-16 | 8.8 High |
| The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. | ||||
| CVE-2018-10137 | 1 Iscripts | 1 Uberforx | 2024-09-16 | N/A |
| iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | ||||
| CVE-2012-2116 | 2 Commerceguys, Drupal | 2 Commerce Reorder, Drupal | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. | ||||
| CVE-2022-36346 | 1 Maxfoundry | 1 Maxbuttons | 2024-09-16 | 4.3 Medium |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | ||||
| CVE-2017-6328 | 1 Symantec | 1 Message Gateway | 2024-09-16 | N/A |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. | ||||
| CVE-2013-6018 | 1 Tylertech | 1 Taxweb | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password. | ||||
| CVE-2018-0439 | 1 Cisco | 1 Meeting Server | 2024-09-16 | N/A |
| A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | ||||