Total: 4240 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-18734 | 1 Catfish-cms | 1 Catfish Cms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. |
CVE-2018-16314 | 1 Icmsdev | 1 Icms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. |
CVE-2018-14769 | 1 Vivotek | 1 Camera | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. |
CVE-2018-16345 | 1 Easycms | 1 Easycms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. |
CVE-2018-17366 | 1 Mcms Project | 1 Mcms | 2018-11-09 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. |
CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2018-11-08 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. |
CVE-2017-15063 | 1 Intelliants | 1 Subrion | 2018-11-08 | 6.8 MEDIUM | 8.8 HIGH | There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. |
CVE-2018-1000669 | 1 Koha | 1 Koha | 2018-11-07 | 6.8 MEDIUM | 8.8 HIGH | KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl. Parameters affected: borrowernumber, amount, amountoutstanding, paid. This can result in attackers marking payments as paid for certain users on behalf of Administrators. This attack appears to be exploitable when the victim is socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. |
CVE-2018-17023 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2018-11-07 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. |
CVE-2018-15682 | 1 Btiteam | 1 Xbtit | 2018-11-06 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. |
CVE-2018-15901 | 1 E107 | 1 E107 | 2018-11-02 | 6.8 MEDIUM | 8.8 HIGH | e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users, including administrators. |
CVE-2018-16431 | 1 Yfcmf | 1 Yfcmf | 2018-11-02 | 6.8 MEDIUM | 8.8 HIGH | admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. |
CVE-2018-16951 | 1 Xunfeng Project | 1 Xunfeng | 2018-11-02 | 6.0 MEDIUM | 8.0 HIGH | xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. |
CVE-2018-16650 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-11-02 | 6.8 MEDIUM | 8.8 HIGH | phpMyFAQ before 2.9.11 allows CSRF. |
CVE-2014-6046 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-11-01 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens, or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary entries, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging the lack of a CSRF token. |
CVE-2008-3325 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2018-11-01 | 6.0 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. |
CVE-2018-15568 | 1 Tp5cms Project | 1 Tp5cms | 2018-11-01 | 6.8 MEDIUM | 8.8 HIGH | tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. |
CVE-2018-11502 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2018-10-31 | 5.8 MEDIUM | 6.5 MEDIUM | An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. |
CVE-2018-9092 | 1 1234n | 1 Minicms | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH | There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. |
CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH | The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f), i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services, leading to information disclosure. |