Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-19192 | 1 Xiaocms | 1 Xiaocms | 2018-12-13 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter.
CVE-2014-2390 | 1 Mcafee | 1 Network Security Manager | 2018-12-12 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39, 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.
CVE-2018-19104 | 1 Bagesoft | 1 Bagecms | 2018-12-11 | 6.8 MEDIUM | 8.8 HIGH | In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
CVE-2018-19225 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
CVE-2018-18934 | 1 Popojicms | 1 Popojicms | 2018-12-11 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.
CVE-2018-18935 | 1 Popojicms | 1 Popojicms | 2018-12-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.
CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2018-12-10 | 6.8 MEDIUM | 8.8 HIGH | The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
CVE-2018-16952 | 1 Oracle | 1 Webcenter Interaction | 2018-12-07 | 6.8 MEDIUM | 8.8 HIGH | The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
CVE-2018-12370 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-12-06 | 6.8 MEDIUM | 8.8 HIGH | In Reader View, SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.
CVE-2015-4630 | 1 Koha | 1 Koha | 2018-12-04 | 6.0 MEDIUM | 8.0 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl.
CVE-2018-18420 | 1 Tribalsystems | 1 Zenario | 2018-12-04 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in version 8.3 of the Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
CVE-2018-12364 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-12-03 | 6.8 MEDIUM | 8.8 HIGH | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVE-2018-15539 | 1 Agentejo | 1 Cockpit | 2018-11-30 | 6.8 MEDIUM | 8.8 HIGH | Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
CVE-2018-18422 | 1 Usualtool | 1 Usualtoolcms | 2018-11-30 | 6.8 MEDIUM | 8.8 HIGH | UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.
CVE-2018-18432 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request.
CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2018-11-28 | 6.8 MEDIUM | 8.8 HIGH | ** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.
CVE-2018-12456 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2018-11-28 | 6.8 MEDIUM | 8.8 HIGH | Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
CVE-2018-17045 | 1 Cms Maelostore Project | 1 Cms Maelostore | 2018-11-28 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.
CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH | DASAN H660GW devices do not implement any CSRF protection mechanism.
CVE-2018-17986 | 1 Razorcms | 1 Razorcms | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH | rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.