Total
6253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1746 | 1 Ibm | 1 Jazz For Service Management | 2024-09-16 | N/A |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. | ||||
| CVE-2019-4726 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-16 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363. | ||||
| CVE-2010-3030 | 1 Tomaz-muraus | 1 Open Blog | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2019-1958 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-09-16 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | ||||
| CVE-2016-8513 | 1 Hp | 1 Version Control Repository Manager | 2024-09-16 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | ||||
| CVE-2015-2769 | 1 Websense | 1 Triton Ap Email | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2010-5191 | 1 Bluecoat | 2 Avos, Proxyav | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device. | ||||
| CVE-2020-4526 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 4.3 Medium |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. | ||||
| CVE-2012-6433 | 1 E107 | 1 E107 | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action. | ||||
| CVE-2018-12415 | 1 Tibco | 1 Enterprise Message Service | 2024-09-16 | N/A |
| The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below. | ||||
| CVE-2018-9856 | 1 Kotti Project | 1 Kotti | 2024-09-16 | N/A |
| Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. | ||||
| CVE-2017-0362 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | ||||
| CVE-2012-5308 | 1 Ibm | 1 Lotus Notes Traveler | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action. | ||||
| CVE-2012-1227 | 1 Pluck-cms | 1 Pluck | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. | ||||
| CVE-2022-36796 | 1 Callrail | 1 Callrail Phone Call Tracking | 2024-09-16 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress. | ||||
| CVE-2015-7612 | 1 Mcafee | 1 Vulnerability Manager | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | ||||
| CVE-2022-40695 | 1 Clogica | 1 Seo Redirection | 2024-09-16 | 5.4 Medium |
| Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. | ||||
| CVE-2013-1414 | 1 Fortinet | 30 Fortigate-1000c, Fortigate-100d, Fortigate-110c and 27 more | 2024-09-16 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown. | ||||
| CVE-2013-3250 | 1 Wordpress | 1 Wp Maintenance Mode Plugin | 2024-09-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings. | ||||
| CVE-2014-0594 | 1 Opensuse | 1 Open Build Service | 2024-09-16 | N/A |
| In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | ||||