Total
4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9052 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. | |||||
CVE-2019-9051 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. | |||||
CVE-2019-9048 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. | |||||
CVE-2019-9049 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. | |||||
CVE-2019-1000022 | 1 Taoensso | 1 Sente | 2019-02-20 | 6.8 MEDIUM | 8.8 HIGH |
Taoensso Sente prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the WebSocket handshake endpoint that can result in a CSRF attack and a possible leak of the anti-CSRF token. This attack appears to be exploitable via a malicious request against the WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later. | |||||
CVE-2019-0267 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2019-02-20 | 6.8 MEDIUM | 8.8 HIGH |
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | |||||
CVE-2019-8902 | 1 Idreamsoft | 1 Icms | 2019-02-19 | 4.9 MEDIUM | 5.7 MEDIUM |
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. | |||||
CVE-2019-8910 | 1 Wtcms Project | 1 Wtcms | 2019-02-19 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. | |||||
CVE-2019-1000003 | 1 Mapsvg | 1 Mapsvg Lite | 2019-02-15 | 6.8 MEDIUM | 8.8 HIGH |
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in the REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can allow an attacker to modify post data, including embedding JavaScript. This attack appears to be exploitable when the victim is logged in to WordPress as an admin and clicks a link. This vulnerability appears to have been fixed in 3.3.0 and later. | |||||
CVE-2018-6907 | 1 Rainmachine | 1 Rainmachine Web Application | 2019-02-15 | 6.8 MEDIUM | 8.8 HIGH |
A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | |||||
CVE-2019-8347 | 1 Beescms | 1 Beescms | 2019-02-15 | 6.8 MEDIUM | 8.8 HIGH |
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. | |||||
CVE-2018-1000858 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2019-02-13 | 6.8 MEDIUM | 8.8 HIGH |
GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. enters an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060. | |||||
CVE-2019-7738 | 1 C.p.sub Project | 1 C.p.sub | 2019-02-13 | 5.8 MEDIUM | 6.5 MEDIUM |
C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | |||||
CVE-2019-7737 | 1 Verydows | 1 Verydows | 2019-02-12 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | |||||
CVE-2019-7730 | 1 Mywebsql | 1 Mywebsql | 2019-02-12 | 4.9 MEDIUM | 5.7 MEDIUM |
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | |||||
CVE-2018-20780 | 1 Traq | 1 Traq | 2019-02-11 | 6.8 MEDIUM | 8.8 HIGH |
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | |||||
CVE-2019-7569 | 1 Wdoyo | 1 Doyo | 2019-02-07 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1. | |||||
CVE-2019-7570 | 1 Pbootcms | 1 Pbootcms | 2019-02-07 | 5.8 MEDIUM | 6.5 MEDIUM |
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | |||||
CVE-2019-7566 | 1 Cszcms | 1 Csz Cms | 2019-02-07 | 6.8 MEDIUM | 8.8 HIGH |
CSZ CMS 1.1.8 has CSRF via admin/users/new/add. | |||||
CVE-2018-1000843 | 1 Spotify | 1 Luigi | 2019-02-07 | 6.8 MEDIUM | 8.8 HIGH |
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross Site Request Forgery (CSRF) vulnerability in the API endpoint /api/<method> that can result in task metadata such as task name, id, parameter, etc. being leaked to unauthorized users. This attack appears to be exploitable when the victim visits a specially crafted webpage from the network where their Luigi server is accessible. This vulnerability appears to have been fixed in 2.8.0 and later. |