Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9489 | 2 Cisco, Commscope | 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more | 2021-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | |||||
| CVE-2021-38705 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. | |||||
| CVE-2017-2244 | 1 Brother | 2 Mfc-j960dwn, Mfc-j960dwn Firmware | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2018-7746 | 1 Cobub | 1 Razor | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin. | |||||
| CVE-2020-19047 | 1 Iwebshop | 1 Iwebshop | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'. | |||||
| CVE-2017-9033 | 1 Trendmicro | 1 Serverprotect | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. | |||||
| CVE-2018-7720 | 1 Cobub | 1 Razor | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. | |||||
| CVE-2017-5156 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. | |||||
| CVE-2017-5528 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below). | |||||
| CVE-2020-12427 | 3 Apple, Microsoft, Westerndigital | 3 Macos, Windows, Wd Discovery | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. | |||||
| CVE-2021-39133 | 1 Pagerduty | 1 Rundeck | 2021-09-08 | 6.0 MEDIUM | 6.8 MEDIUM |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14. | |||||
| CVE-2021-27557 | 1 Easycorp | 1 Zentao | 2021-09-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | |||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | |||||
| CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | |||||
| CVE-2013-2699 | 1 Underconstruction Project | 1 Underconstruction | 2021-09-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. | |||||
| CVE-2021-38342 | 1 Nested Pages Project | 1 Nested Pages | 2021-09-02 | 4.3 MEDIUM | 8.1 HIGH |
| The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | |||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2021-09-02 | 4.0 MEDIUM | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | |||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2021-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | |||||
| CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | |||||
| CVE-2021-40173 | 1 Zohocorp | 1 Manageengine Cloud Security Plus | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | |||||