Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-17367 | 1 Openwrt | 1 Openwrt | 2019-10-22 | 6.8 MEDIUM | 8.8 HIGH | OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. |
CVE-2019-17676 | 1 Metinfo | 1 Metinfo | 2019-10-21 | 6.8 MEDIUM | 8.8 HIGH | app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. |
CVE-2019-10441 | 1 Jenkins | 1 Icescrum | 2019-10-21 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. |
CVE-2019-10454 | 1 Jenkins | 1 Rundeck | 2019-10-18 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
CVE-2019-10456 | 1 Jenkins | 1 Oracle Cloud Infrastructure Compute Classic | 2019-10-18 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
CVE-2019-17521 | 1 Landing-cms Project | 1 Landing-cms | 2019-10-17 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI. |
CVE-2017-14683 | 1 Geminabox Project | 1 Geminabox | 2019-10-17 | 6.8 MEDIUM | 8.8 HIGH | geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. |
CVE-2018-20582 | 1 Gree | 1 Gree+ | 2019-10-16 | 6.8 MEDIUM | 8.8 HIGH | The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross-Site Request Forgery. |
CVE-2019-17593 | 1 Jizhicms | 1 Jizhicms | 2019-10-16 | 6.8 MEDIUM | 8.8 HIGH | JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. |
CVE-2019-17369 | 1 Otcms | 1 Otcms | 2019-10-16 | 4.3 MEDIUM | 6.5 MEDIUM | OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. |
CVE-2019-11077 | 1 Fastadmin | 1 Fastadmin | 2019-10-15 | 6.8 MEDIUM | 8.8 HIGH | FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. |
CVE-2019-13529 | 1 Sma | 2 Sunny Webbox, Sunny Webbox Firmware | 2019-10-15 | 6.8 MEDIUM | 8.8 HIGH | An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. |
CVE-2019-17386 | 1 Eleopard | 1 Animate It! | 2019-10-15 | 6.8 MEDIUM | 8.8 HIGH | The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. |
CVE-2019-17431 | 1 Fastadmin | 1 Fastadmin | 2019-10-11 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. |
CVE-2015-9455 | 1 Incsub | 1 Buddypress-activity-plus | 2019-10-10 | 7.8 HIGH | 8.1 HIGH | The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. |
CVE-2019-17217 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2019-10-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service. |
CVE-2019-9882 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH | Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to add malicious email sources to the whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorization. |
CVE-2019-9883 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH | Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to elevate the privilege of a specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorization. |
CVE-2019-5630 | 1 Rapid7 | 1 Nexpose | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request. |
CVE-2019-5430 | 1 Ui | 1 Unifi Video | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH | In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user to an attacker-controlled page. |