Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19025 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2021-05-19 | 6.8 MEDIUM | 8.8 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2020-18964 | 1 Forestblog Project | 1 Forestblog | 2021-05-19 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. | |||||
| CVE-2020-19199 | 1 Phpok | 1 Phpok | 2021-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2021-24249 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2021-05-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc | |||||
| CVE-2021-24178 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2021-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. | |||||
| CVE-2021-24179 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2021-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. | |||||
| CVE-2020-18889 | 1 Puppycms | 1 Puppycms | 2021-05-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php. | |||||
| CVE-2020-23264 | 1 Fork-cms | 1 Fork Cms | 2021-05-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. | |||||
| CVE-2020-13460 | 1 Tufin | 1 Securetrack | 2021-05-11 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA. | |||||
| CVE-2020-36334 | 1 Themegrill | 1 Themegrill Demo Importer | 2021-05-11 | 6.8 MEDIUM | 8.8 HIGH |
| themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | |||||
| CVE-2021-29238 | 1 Codesys | 1 Automation Server | 2021-05-11 | 6.8 MEDIUM | 8.8 HIGH |
| CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | |||||
| CVE-2020-23127 | 1 Chamilo | 1 Chamilo Lms | 2021-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | |||||
| CVE-2020-22000 | 1 Homeautomation Project | 1 Homeautomation | 2021-05-06 | 8.5 HIGH | 8.0 HIGH |
| HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function. | |||||
| CVE-2020-21989 | 1 Homeautomation Project | 1 Homeautomation | 2021-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | |||||
| CVE-2021-28055 | 1 Centreon | 1 Centreon | 2021-05-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. | |||||
| CVE-2021-24231 | 1 Patreon | 1 Patreon Wordpress | 2021-05-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link. | |||||
| CVE-2021-24230 | 1 Patreon | 1 Patreon Wordpress | 2021-05-04 | 5.8 MEDIUM | 8.1 HIGH |
| The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content. | |||||
| CVE-2021-30224 | 1 Rukovoditel | 1 Rukovoditel | 2021-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | |||||
| CVE-2021-31760 | 1 Webmin | 1 Webmin | 2021-04-28 | 6.8 MEDIUM | 8.8 HIGH |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | |||||
| CVE-2021-21644 | 1 Jenkins | 1 Config File Provider | 2021-04-26 | 5.8 MEDIUM | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | |||||