Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-10503 | 1 Baijiacms Project | 1 Baijiacms | 2019-12-03 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
CVE-2013-3312 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
CVE-2019-19013 | 1 Pagekit | 1 Pagekit | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH | A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
CVE-2019-16548 | 1 Jenkins | 1 Google Compute Engine | 2019-11-21 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents.
CVE-2011-4952 | 1 Cobblerd | 1 Cobbler | 2019-11-21 | 6.8 MEDIUM | 8.8 HIGH | cobbler: Web interface lacks CSRF protection when using the Django framework.
CVE-2019-16993 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2019-11-21 | 6.8 MEDIUM | 8.8 HIGH | In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
CVE-2019-18651 | 1 3xlogic | 2 Infinias Access Control, Infinias Access Control Firmware | 2019-11-20 | 5.8 MEDIUM | 6.5 MEDIUM | A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.
CVE-2019-18884 | 1 Fairsketch | 1 Rise - Ultimate Project Manager | 2019-11-19 | 6.8 MEDIUM | 8.8 HIGH | index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.
CVE-2013-3516 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2019-11-18 | 4.3 MEDIUM | 6.5 MEDIUM | NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens.
CVE-2019-17600 | 1 Intelbras | 2 Iwr 1000n, Iwr 1000n Firmware | 2019-11-15 | 10.0 HIGH | 9.8 CRITICAL | Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
CVE-2012-4385 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM | letodms 3.3.6 has CSRF via change password.
CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2019-11-14 | 4.3 MEDIUM | 4.3 MEDIUM | JBoss KeyCloak is vulnerable to soft token deletion via CSRF.
CVE-2010-3305 | 1 Pixelpost | 1 Pixelpost | 2019-11-14 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
CVE-2019-17237 | 1 Getigniteup | 1 Igniteup | 2019-11-12 | 6.8 MEDIUM | 8.8 HIGH | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
CVE-2019-10847 | 1 Computrols | 1 Computrols Building Automation Software | 2019-11-12 | 6.8 MEDIUM | 8.8 HIGH | Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
CVE-2019-18411 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-11-08 | 6.8 MEDIUM | 8.8 HIGH | Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
CVE-2019-8109 | 1 Magento | 1 Magento | 2019-11-07 | 6.0 MEDIUM | 8.0 HIGH | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
CVE-2019-18650 | 1 Joomla | 1 Joomla! | 2019-11-06 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVE-2019-13497 | 1 Oneidentity | 1 Cloud Access Manager | 2019-11-05 | 4.3 MEDIUM | 6.5 MEDIUM | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests.
CVE-2019-18206 | 1 Zucchetti | 1 Infobusiness | 2019-11-05 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.