Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10734 | 1 Redhat | 4 Jboss Fuse, Keycloak, Openshift Application Runtimes and 1 more | 2021-02-26 | 2.1 LOW | 3.3 LOW |
| A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable. | |||||
| CVE-2011-2085 | 1 Bestpractical | 1 Rt | 2021-02-25 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2020-36247 | 1 Osc | 1 Open Ondemand | 2021-02-24 | 6.8 MEDIUM | 8.8 HIGH |
| Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | |||||
| CVE-2019-0235 | 1 Apache | 1 Ofbiz | 2021-02-24 | 6.8 MEDIUM | 8.8 HIGH |
| Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. | |||||
| CVE-2020-13186 | 1 Teradici | 1 Cloud Access Connector | 2021-02-22 | 2.6 LOW | 6.5 MEDIUM |
| An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link. | |||||
| CVE-2019-20178 | 1 Peel | 1 Peel Shopping | 2021-02-22 | 5.8 MEDIUM | 6.5 MEDIUM |
| Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. | |||||
| CVE-2018-20848 | 1 Peel | 1 Peel Shopping | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | |||||
| CVE-2021-20650 | 1 Elecom | 2 Ncc-ewf100rmwh2, Ncc-ewf100rmwh2 Firmware | 2021-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
| CVE-2021-21027 | 1 Magento | 1 Magento | 2021-02-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation. | |||||
| CVE-2020-28644 | 1 Owncloud | 1 Owncloud | 2021-02-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6. | |||||
| CVE-2021-20646 | 1 Elecom | 2 Wrc-300febk-a, Wrc-300febk-a Firmware | 2021-02-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
| CVE-2021-20647 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2021-02-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
| CVE-2020-35943 | 1 Imagely | 1 Nextgen Gallery | 2021-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | |||||
| CVE-2021-20403 | 1 Ibm | 1 Security Verify Information Queue | 2021-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2021-22500 | 1 Microfocus | 1 Application Performance Management | 2021-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing. | |||||
| CVE-2020-23522 | 1 Pixelimity | 1 Pixelimity | 2021-02-09 | 6.0 MEDIUM | 6.8 MEDIUM |
| Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | |||||
| CVE-2021-20652 | 1 Name Directory Project | 1 Name Directory | 2021-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-24271 | 1 Easycms | 1 Easycms | 2021-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | |||||
| CVE-2021-25765 | 1 Jetbrains | 1 Youtrack | 2021-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | |||||
| CVE-2020-4827 | 1 Ibm | 1 Api Connect | 2021-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | |||||