Total: 6289 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2024-09-16 | N/A |
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | ||||
CVE-2021-36877 | 1 Stylemixthemes | 1 Ulisting | 2024-09-16 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. | ||||
CVE-2023-45276 | 1 Automatededitor | 1 Automated Editor | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions. | ||||
CVE-2023-45270 | 1 Pinpoint | 1 Pinpoint Booking System | 2024-09-16 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. | ||||
CVE-2018-13398 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-16 | N/A |
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2021-26474 | 1 Vembu | 2 Bdr Suite, Offsite Dr | 2024-09-16 | 8.6 High |
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery. (Other products or versions of products in this family may be affected too.) | ||||
CVE-2016-10529 | 1 Droppy Project | 1 Droppy | 2024-09-16 | N/A |
Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests in the context of the currently logged-in user. For example, this means the malicious user could add a new admin account under his control and delete others. | ||||
CVE-2017-15808 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-09-16 | N/A |
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | ||||
CVE-2018-13444 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. | ||||
CVE-2018-9108 | 1 Quickappscms | 1 Quickapps Cms | 2024-09-16 | N/A |
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. | ||||
CVE-2017-9963 | 1 Schneider-electric | 1 Powerscada Anywhere | 2024-09-16 | N/A |
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | ||||
CVE-2012-2305 | 2 Drupal, Justin Ellison | 2 Drupal, Node Gallery | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | ||||
CVE-2016-10313 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2024-09-16 | N/A |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages. | ||||
CVE-2014-9407 | 1 Revive-adserver | 1 Revive Adserver | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php, (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. | ||||
CVE-2010-5315 | 1 Chialab & Channelweb | 1 Bedita | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser. | ||||
CVE-2021-23404 | 1 Sqlite-web Project | 1 Sqlite-web | 2024-09-16 | 7.6 High |
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack. | ||||
CVE-2013-3540 | 1 Ovislink | 6 Airlive Od-2025hd, Airlive Od-2060hd, Airlive Poe100hd and 3 more | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users. | ||||
CVE-2018-18436 | 1 Jtbc | 1 Jtbc Php | 2024-09-16 | 8.8 High |
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. | ||||
CVE-2012-0286 | 1 Stone-ware | 1 Webnetwork | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts. | ||||
CVE-2010-4519 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. |