Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-5904 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-07-10 | 6.8 MEDIUM | 8.8 HIGH | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. |
CVE-2020-5900 | 1 F5 | 1 Nginx Controller | 2020-07-09 | 6.8 MEDIUM | 8.8 HIGH | In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there are insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. |
CVE-2017-7178 | 2 Debian, Deluge-torrent | 2 Debian Linux, Deluge | 2020-07-08 | 6.8 MEDIUM | 8.8 HIGH | CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its `__init__.py` file and (2) causing the victim to download, install, and enable this plugin. |
CVE-2020-2215 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2020-07-07 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. |
CVE-2020-15043 | 1 Iball | 2 Wrb303n, Wrb303n Firmware | 2020-07-06 | 4.3 MEDIUM | 6.5 MEDIUM | iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. |
CVE-2020-15014 | 1 Pramod | 1 Blogcms | 2020-06-29 | 6.8 MEDIUM | 8.8 HIGH | pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. |
CVE-2020-13157 | 1 Nukeviet | 1 Nukeviet | 2020-06-28 | 4.3 MEDIUM | 6.5 MEDIUM | modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed. |
CVE-2020-13155 | 1 Nukeviet | 1 Nukeviet | 2020-06-28 | 6.8 MEDIUM | 8.8 HIGH | clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. |
CVE-2020-13156 | 1 Nukeviet | 1 Nukeviet | 2020-06-28 | 4.3 MEDIUM | 6.5 MEDIUM | modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. |
CVE-2020-14203 | 1 Ibi | 1 Webfocus Business Intelligence | 2020-06-26 | 6.8 MEDIUM | 8.8 HIGH | WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044. |
CVE-2020-13426 | 1 Bdtask | 1 Multi-scheduler | 2020-06-26 | 4.3 MEDIUM | 6.5 MEDIUM | The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. |
CVE-2019-20891 | 1 Woocommerce | 1 Woocommerce | 2020-06-25 | 6.8 MEDIUM | 8.8 HIGH | WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. |
CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.1 MEDIUM | 8.8 HIGH | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. |
CVE-2016-11084 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. |
CVE-2019-1003086 | 1 Jenkins | 1 Chef Sinatra | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
CVE-2019-1003044 | 1 Jenkins | 1 Slack Notification | 2020-06-23 | 2.1 LOW | 7.1 HIGH | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
CVE-2019-1003092 | 1 Jenkins | 1 Nomad | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
CVE-2019-1003046 | 1 Jenkins | 1 Fortify On Demand Uploader | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. |
CVE-2019-1003090 | 1 Jenkins | 1 Soasta Cloudtest | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. |
CVE-2019-1003080 | 1 Jenkins | 1 Openshift Deployer | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. |