Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2019-01-16 | 6.8 MEDIUM | 8.8 HIGH |
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | |||||
CVE-2018-19182 | 1 Engelsystem | 1 Engelsystem | 2019-01-14 | 6.8 MEDIUM | 8.8 HIGH |
Engelsystem before commit hash 2e28336 allows CSRF. | |||||
CVE-2018-20595 | 1 Hsweb | 1 Hsweb | 2019-01-14 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | |||||
CVE-2018-20419 | 1 Douco | 1 Douphp | 2019-01-11 | 6.8 MEDIUM | 8.8 HIGH |
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | |||||
CVE-2018-19923 | 1 Sales & Company Management System Project | 1 Sales & Company Management System | 2019-01-11 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF. | |||||
CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2019-01-10 | 6.8 MEDIUM | 8.8 HIGH |
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | |||||
CVE-2018-20613 | 1 Temmoku Project | 1 Temmoku | 2019-01-10 | 6.8 MEDIUM | 8.8 HIGH |
TEMMOKU T1.09 Beta allows admin/user/add CSRF. | |||||
CVE-2018-18842 | 1 Zblogcn | 1 Z-blogphp | 2019-01-09 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. | |||||
CVE-2018-1000846 | 1 Freshdns Project | 1 Freshdns | 2019-01-08 | 6.8 MEDIUM | 8.8 HIGH |
FreshDNS version 1.0.3 and earlier contains a Cross Site Request Forgery (CSRF) vulnerability in all (authenticated) API calls in index.php / class.manager.php that can result in editing domains and zones with the victim's privileges. This attack appears to be exploitable when the victim opens a website containing the attacker's JavaScript. This vulnerability appears to have been fixed in 1.0.5 and later. | |||||
CVE-2014-5395 | 1 Huawei | 4 E3236 Firmware, E3276 Firmware, E5180s-22 Firmware and 1 more | 2019-01-08 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. | |||||
CVE-2018-20188 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-01-07 | 6.8 MEDIUM | 8.8 HIGH |
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | |||||
CVE-2018-18921 | 1 Phpservermonitor | 1 Php Server Monitor | 2019-01-07 | 5.8 MEDIUM | 6.5 MEDIUM |
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. | |||||
CVE-2018-20598 | 1 Ucms Project | 1 Ucms | 2019-01-04 | 6.8 MEDIUM | 8.8 HIGH |
UCMS 1.4.7 has ?do=user_addpost CSRF. | |||||
CVE-2018-2474 | 1 Sap | 1 Fiori | 2019-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection. | |||||
CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-01-04 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow an attacker to force an APM webtop session to log out and require re-authentication. | |||||
CVE-2018-8892 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | |||||
CVE-2018-20015 | 1 Yzmcms | 1 Yzmcms | 2019-01-03 | 6.8 MEDIUM | 8.8 HIGH |
YzmCMS v5.2 has admin/role/add.html CSRF. | |||||
CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2018-12-31 | 9.3 HIGH | 8.8 HIGH |
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | |||||
CVE-2018-19621 | 1 Showdoc | 1 Showdoc | 2018-12-26 | 4.3 MEDIUM | 6.5 MEDIUM |
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. | |||||
CVE-2018-14892 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2018-12-26 | 6.8 MEDIUM | 8.8 HIGH |
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. |