Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-16832 | 1 Xunfeng Project | 1 Xunfeng | 2018-12-19 | 4.3 MEDIUM | 6.5 MEDIUM | CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. |
CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2018-12-19 | 4.3 MEDIUM | 6.5 MEDIUM | JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. |
CVE-2018-19545 | 1 Jeecms | 1 Jeecms | 2018-12-19 | 6.8 MEDIUM | 8.8 HIGH | JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. |
CVE-2018-10099 | 1 Google | 1 Monorail | 2018-12-18 | 4.3 MEDIUM | 5.3 MEDIUM | Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. |
CVE-2018-19334 | 1 Google | 1 Monorail | 2018-12-18 | 4.3 MEDIUM | 5.3 MEDIUM | Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. |
CVE-2018-19555 | 1 Tp4a | 1 Teleport | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH | tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. |
CVE-2018-18794 | 1 School Event Management System Project | 1 School Event Management System | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH | School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. |
CVE-2018-19327 | 1 Jtbc | 1 Jtbc Php | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF. |
CVE-2014-3896 | 1 Seeds | 1 Acmailer | 2018-12-18 | 6.8 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization. |
CVE-2018-18797 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH | School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. |
CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH | School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. |
CVE-2018-19332 | 1 S-cms | 1 S-cms | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. |
CVE-2018-19376 | 1 Greencms | 1 Greencms | 2018-12-18 | 5.8 MEDIUM | 6.5 MEDIUM | An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. |
CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH | sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. |
CVE-2018-18760 | 1 Saltos | 1 Rhinos | 2018-12-17 | 4.3 MEDIUM | 6.5 MEDIUM | RhinOS 3.0 build 1190 allows CSRF. |
CVE-2018-19318 | 1 Srcms Project | 1 Srcms | 2018-12-17 | 6.8 MEDIUM | 8.8 HIGH | SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. |
CVE-2018-19319 | 1 Srcms Project | 1 Srcms | 2018-12-17 | 4.3 MEDIUM | 6.5 MEDIUM | SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. |
CVE-2017-17550 | 1 Zyxel | 2 Zywall Usg 100, Zywall Usg 100 Firmware | 2018-12-13 | 6.8 MEDIUM | 8.8 HIGH | ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. |
CVE-2018-13398 | 1 Atlassian | 2 Crucible, Fisheye | 2018-12-13 | 4.3 MEDIUM | 6.5 MEDIUM | The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. |
CVE-2014-2327 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2018-12-13 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. |