Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9926 | 1 Labkey | 1 Labkey Server | 2019-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. | |||||
| CVE-2019-1010096 | 1 Domainmod | 1 Domainmod | 2019-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | |||||
| CVE-2019-1010095 | 1 Domainmod | 1 Domainmod | 2019-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page. | |||||
| CVE-2010-4241 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2019-10-29 | 6.8 MEDIUM | 8.8 HIGH |
| Tiki Wiki CMS Groupware 5.2 has CSRF | |||||
| CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2019-10-28 | 9.3 HIGH | 8.8 HIGH |
| TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | |||||
| CVE-2019-18414 | 1 Sourcecodester | 1 Restaurant Management System | 2019-10-28 | 6.8 MEDIUM | 8.8 HIGH |
| Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page. | |||||
| CVE-2019-9597 | 1 Darktrace | 1 Enterprise Immune System | 2019-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint. | |||||
| CVE-2019-9596 | 1 Darktrace | 1 Enterprise Immune System | 2019-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint. | |||||
| CVE-2019-8234 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-10462 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2019-10-25 | 6.8 MEDIUM | 8.1 HIGH |
| A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-6282 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. | |||||
| CVE-2019-10468 | 1 Jenkins | 1 Kubernetes Ci | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-18220 | 1 Sitemagic | 1 Sitemagic | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions. | |||||
| CVE-2019-10471 | 1 Jenkins | 1 Libvirt Slaves | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10464 | 1 Jenkins | 1 Deploy Weblogic | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | |||||
| CVE-2015-9498 | 1 Wpserveur | 1 Wps Hide Login | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. | |||||
| CVE-2015-9497 | 1 Ad Inserter Project | 1 Ad Inserter | 2019-10-23 | 6.8 MEDIUM | 8.8 HIGH |
| The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | |||||
| CVE-2019-10437 | 1 Jenkins | 1 Crx Content Package Deployer | 2019-10-23 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2014-8773 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 6.8 MEDIUM | N/A |
| MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. | |||||
| CVE-2019-17118 | 1 Wikidsystems | 1 2fa Enterprise Server | 2019-10-22 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices. | |||||