Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34086 | 1 Ultimaker | 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more | 2022-01-14 | 6.8 MEDIUM | 8.8 HIGH |
| In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests. | |||||
| CVE-2021-46147 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. | |||||
| CVE-2021-46080 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-13 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability. | |||||
| CVE-2020-29292 | 1 Iball | 2 Wrd12en, Wrd12en Firmware | 2022-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. | |||||
| CVE-2020-21236 | 1 Damicms | 1 Damicms | 2022-01-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | |||||
| CVE-2021-20165 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). | |||||
| CVE-2020-20945 | 1 Qibosoft | 1 Qibosoft | 2022-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. | |||||
| CVE-2020-20943 | 1 Qibosoft | 1 Qibosoft | 2022-01-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. | |||||
| CVE-2021-4168 | 1 Showdoc | 1 Showdoc | 2022-01-06 | 6.8 MEDIUM | 8.8 HIGH |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-4162 | 1 Archivy Project | 1 Archivy | 2022-01-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| archivy is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-24852 | 1 Mousewheel Smooth Scroll Project | 1 Mousewheel Smooth Scroll | 2022-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2020-15600 | 1 Cmsuno Project | 1 Cmsuno | 2022-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. | |||||
| CVE-2021-29756 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. | |||||
| CVE-2021-36887 | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr | 2022-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass". | |||||
| CVE-2020-8615 | 1 Themeum | 1 Tutor Lms | 2022-01-01 | 2.6 LOW | 6.5 MEDIUM |
| A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). | |||||
| CVE-2020-25453 | 1 Blackcat-cms | 1 Blackcat Cms | 2022-01-01 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | |||||
| CVE-2021-32403 | 1 Intelbras | 2 Rf 301k, Rf 301k Firmware | 2022-01-01 | 6.8 MEDIUM | 8.8 HIGH |
| Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules. | |||||
| CVE-2020-1977 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2021-12-30 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. | |||||
| CVE-2021-43846 | 1 Nebulab | 1 Solidus | 2021-12-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| `solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory. | |||||
| CVE-2020-20593 | 1 Rockoa | 1 Rockoa | 2021-12-28 | 6.0 MEDIUM | 8.0 HIGH |
| A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. | |||||