Total: 4240 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5285 | 1 Wpscoop | 1 Imageinject | 2018-01-29 | 6.8 MEDIUM | 8.8 HIGH |
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. | |||||
CVE-2018-5658 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2018-01-25 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php. | |||||
CVE-2018-5656 | 1 Weblizar | 1 Pinterest-feeds | 2018-01-24 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php. | |||||
CVE-2018-5669 | 1 Read And Understood Project | 1 Read And Understood | 2018-01-23 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php. | |||||
CVE-2011-4140 | 1 Djangoproject | 1 Django | 2018-01-17 | 6.8 MEDIUM | N/A |
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code. | |||||
CVE-2012-0317 | 1 Sixapart | 1 Movable Type | 2018-01-17 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script. | |||||
CVE-2017-1000432 | 1 Vanillaforums | 1 Vanilla Forums | 2018-01-17 | 6.0 MEDIUM | 8.0 HIGH |
Vanilla Forums below 2.1.5 are affected by CSRF leading to deleting topics and comments from forums Admin access. | |||||
CVE-2018-5073 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 6.0 MEDIUM | 6.8 MEDIUM |
Online Ticket Booking has CSRF via admin/movieedit.php. | |||||
CVE-2017-1672 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-16 | 6.8 MEDIUM | 8.8 HIGH |
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. | |||||
CVE-2014-0120 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2018-01-11 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | |||||
CVE-2012-0453 | 1 Mozilla | 1 Bugzilla | 2018-01-10 | 5.1 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. | |||||
CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |||||
CVE-2017-17908 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | |||||
CVE-2017-17936 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
Vanguard Marketplace Digital Products PHP has CSRF via /search. | |||||
CVE-2017-17930 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | |||||
CVE-2011-1397 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-09 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2012-1843 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-09 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability." | |||||
CVE-2017-17982 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.0 MEDIUM | 6.8 MEDIUM |
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | |||||
CVE-2017-17939 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | |||||
CVE-2017-17903 | 1 Fortunescripts | 1 Lynda Clone | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. |