Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14933 | 1 Webkul | 1 Bagisto | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| Bagisto 0.1.5 allows CSRF under /admin URIs. | |||||
| CVE-2019-14703 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | |||||
| CVE-2019-14346 | 1 Schben | 1 Adive | 2019-08-13 | 4.3 MEDIUM | 8.8 HIGH |
| Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | |||||
| CVE-2019-7947 | 1 Magento | 1 Magento | 2019-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2011-0447 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 6.8 MEDIUM | N/A |
| Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. | |||||
| CVE-2008-5189 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | |||||
| CVE-2019-7874 | 1 Magento | 1 Magento | 2019-08-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | |||||
| CVE-2019-7873 | 1 Magento | 1 Magento | 2019-08-07 | 5.8 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. | |||||
| CVE-2019-7851 | 1 Magento | 1 Magento | 2019-08-06 | 5.8 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | |||||
| CVE-2019-7857 | 1 Magento | 1 Magento | 2019-08-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | |||||
| CVE-2019-7865 | 1 Magento | 1 Magento | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. | |||||
| CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | |||||
| CVE-2019-14328 | 1 Simple-membership-plugin | 1 Simple Membership | 2019-08-05 | 6.8 MEDIUM | 8.8 HIGH |
| The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. | |||||
| CVE-2019-3959 | 1 Wallaceit | 1 Wallacepos | 2019-08-02 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2012-6134 | 1 Omniauth-oauth2 Project | 1 Omniauth-oauth2 | 2019-08-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state. | |||||
| CVE-2008-1981 | 1 E-publish Project | 1 E-publish | 2019-08-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | |||||
| CVE-2008-1977 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2019-08-01 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | |||||
| CVE-2019-14327 | 1 Custom Simple Rss Project | 1 Custom Simple Rss | 2019-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. | |||||
| CVE-2019-12826 | 1 Wpchef | 1 Widget Logic | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code. | |||||
| CVE-2012-4053 | 1 Ez | 1 Ez Publish | 2019-07-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||