Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4005 | 1 Cisco | 8 Small Business Srp520 Series Firmware, Small Business Srp521w, Small Business Srp526w and 5 more | 2017-08-28 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124. | |||||
| CVE-2011-4947 | 1 E107 | 1 E107 | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. | |||||
| CVE-2011-5011 | 1 Xt-commerce | 1 Xt\ | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php. | |||||
| CVE-2011-5068 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs. | |||||
| CVE-2011-5131 | 1 Mybb | 1 Mybb | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. | |||||
| CVE-2011-5226 | 2 Trioniclabs, Wordpress | 2 Sentinel, Wordpress | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. | |||||
| CVE-2012-0440 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. | |||||
| CVE-2011-2753 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. | |||||
| CVE-2010-5088 | 1 Silverstripe | 1 Silverstripe | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087. | |||||
| CVE-2010-5085 | 1 Hulihanapplications | 1 Amethyst | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. | |||||
| CVE-2010-5283 | 1 Opentext | 1 Livelink Ecm | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | |||||
| CVE-2017-12589 | 1 Tomaxcom | 4 R60g, R60g Firmware, R60gv2 and 1 more | 2017-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. | |||||
| CVE-2017-12853 | 1 Rtsindia | 2 Rwr-3g-100, Rwr-3g-100 Firmware | 2017-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | |||||
| CVE-2017-6328 | 1 Symantec | 1 Message Gateway | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. | |||||
| CVE-2017-12593 | 1 Asus | 2 Dsl-n10s Firmware, Dsl-n10s Router | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | |||||
| CVE-2017-12881 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | |||||
| CVE-2015-5081 | 1 Django-cms | 1 Django Cms | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | |||||
| CVE-2017-9863 | 1 Sma | 79 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 76 more | 2017-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. | |||||
| CVE-2011-1685 | 1 Bestpractical | 1 Rt | 2017-08-16 | 4.6 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack. | |||||
| CVE-2011-1682 | 1 Tincan | 1 Phplist | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||