Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3778 | 1 Commscope | 1 Arris Sbg901 | 2021-08-23 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter. | |||||
| CVE-2021-24536 | 1 Custom Login Redirect Project | 1 Custom Login Redirect | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom Login Redirect WordPress plugin through 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue | |||||
| CVE-2021-24411 | 1 Social Tape Project | 1 Social Tape | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack | |||||
| CVE-2021-24380 | 1 Shantz Wordpress Qotd Project | 1 Shantz Wordpress Qotd | 2021-08-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values. | |||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2021-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | |||||
| CVE-2021-29400 | 1 Netexplorer | 1 My Smtp Contact | 2021-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site. | |||||
| CVE-2021-32122 | 1 Netgear | 8 Ex3700, Ex3700 Firmware, Ex3800 and 5 more | 2021-08-19 | 5.4 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44. | |||||
| CVE-2020-20989 | 1 Domainmod | 1 Domainmod | 2021-08-18 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. | |||||
| CVE-2020-18458 | 1 Damicms | 1 Damicms | 2021-08-17 | 6.0 MEDIUM | 8.0 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | |||||
| CVE-2020-18460 | 1 711cms | 1 711cms | 2021-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. | |||||
| CVE-2020-18464 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 3.5 LOW | 3.5 LOW |
| Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. | |||||
| CVE-2020-18463 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 3.5 LOW | 2.4 LOW |
| Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. | |||||
| CVE-2021-20073 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2021-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | |||||
| CVE-2021-34661 | 1 Verygoodplugins | 1 Wp Fusion | 2021-08-16 | 4.3 MEDIUM | 4.7 MEDIUM |
| The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18. | |||||
| CVE-2020-18457 | 1 Bycms Project | 1 Bycms | 2021-08-16 | 6.0 MEDIUM | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. | |||||
| CVE-2020-18454 | 1 Bycms Project | 1 Bycms | 2021-08-16 | 6.0 MEDIUM | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | |||||
| CVE-2020-25562 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent. | |||||
| CVE-2020-21358 | 1 Wagecms Project | 1 Wage-cms | 2021-08-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | |||||
| CVE-2020-18694 | 1 Ignitedcms Project | 1 Ignitedcms | 2021-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". | |||||
| CVE-2021-37381 | 1 Southsoft | 1 Graduate Management Information System | 2021-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1]. | |||||