Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-2192 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2020-06-03 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. |
CVE-2014-8942 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 6.8 MEDIUM | 8.8 HIGH | Lexiglot through 2014-11-20 allows CSRF. |
CVE-2020-4018 | 1 Atlassian | 2 Crucible, Fisheye | 2020-06-02 | 6.8 MEDIUM | 8.8 HIGH | The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. |
CVE-2020-8168 | 1 Ui | 51 Ag-hp-2g16, Ag-hp-2g20, Ag-hp-5g23 and 48 more | 2020-05-28 | 6.8 MEDIUM | 8.8 HIGH | We have recently released a new version of AirMax AirOS firmware, v6.3.0 for TI, XW and XM boards, that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior for TI, XW and XM boards, as described below: attackers can abuse multiple endpoints not protected against cross-site request forgery (CSRF). As a result, authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrading the device's firmware to older versions, modifying configuration, uploading arbitrary firmware, and exfiltrating files and tokens. Mitigation: update to the latest AirMax AirOS firmware version available at the AirMax download page. |
CVE-2020-13641 | 1 Infolific | 1 Real-time Find And Replace | 2020-05-28 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, which would then be executed later in the victim's browser. |
CVE-2020-13642 | 1 Siteorigin | 1 Page Builder | 2020-05-28 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing requests to be forged on behalf of an administrator. The panels_data $_POST variable allows malicious JavaScript to be executed in the victim's browser. |
CVE-2020-13643 | 1 Siteorigin | 1 Page Builder | 2020-05-28 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows malicious JavaScript to be executed in the victim's browser. |
CVE-2016-3691 | 1 Kallithea-scm | 1 Kallithea | 2020-05-28 | 6.8 MEDIUM | 8.8 HIGH | Routes in Kallithea before 0.3.2 allow remote attackers to bypass the CSRF protection by using the GET HTTP request method. |
CVE-2015-0276 | 1 Kallithea-scm | 1 Kallithea | 2020-05-28 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. |
CVE-2020-13458 | 1 Verbb | 1 Image Resizer | 2020-05-27 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action. |
CVE-2020-13412 | 1 Aviatrix | 1 Controller | 2020-05-26 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. |
CVE-2020-13416 | 1 Aviatrix | 1 Controller | 2020-05-26 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a cross-site request forgery (CSRF) vulnerability for password resets. |
CVE-2020-4286 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2020-05-19 | 4.3 MEDIUM | 6.5 MEDIUM | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. |
CVE-2020-12257 | 1 Rconfig | 1 Rconfig | 2020-05-18 | 6.8 MEDIUM | 8.8 HIGH | rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks any CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form that adds a user, deletes a user, or edits a user. |
CVE-2019-20390 | 1 Intelliants | 1 Subrion | 2020-05-18 | 5.8 MEDIUM | 8.1 HIGH | A cross-site request forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (omitting the token) and send it to the victim. |
CVE-2020-5576 | 1 Sixapart | 1 Movable Type | 2020-05-15 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
CVE-2017-18703 | 1 Netgear | 56 D1500, D1500 Firmware, D500 and 53 more | 2020-05-11 | 6.8 MEDIUM | 8.8 HIGH | Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. |
CVE-2020-2184 | 1 Jenkins | 1 Current Versions Systems | 2020-05-11 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. |
CVE-2020-2186 | 1 Jenkins | 1 Amazon Ec2 | 2020-05-08 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. |
CVE-2019-19517 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2020-05-07 | 6.8 MEDIUM | 8.8 HIGH | Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. |
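Two patterns recur in the entries above: a state-changing handler with no token check at all (rConfig, the Jenkins plugins, the WordPress plugins that skip nonce verification), and a token check that is applied only to POST, so that the same action reached by GET bypasses it (Kallithea CVE-2016-3691, Subrion CVE-2019-20390). The Python below is an added example and is not code from any of the listed projects. It models a WordPress-style nonce (an HMAC over user, action and a time bucket, valid for the current and previous bucket) and runs a forged GET, a forged POST and a legitimate POST against three handlers: no check, POST-only check, and a hardened check that refuses GET for state changes and requires the nonce. The route names, the `Request` class, the 12-hour window and the scenario are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Per-deployment signing key. Generated here only so the example runs stand-alone;
# a real server loads it from configuration.
SECRET = secrets.token_bytes(32)
WINDOW = 12 * 3600  # assumed nonce lifetime bucket, in seconds

# Hypothetical admin routes that change server state (names are illustrative).
STATE_CHANGING = {"/admin/users/delete", "/admin/uploads/rm", "/admin/rules/update"}


@dataclass
class Request:
    method: str
    path: str
    user: str  # identity from the session cookie, which the browser also attaches cross-site
    params: dict = field(default_factory=dict)


def make_nonce(user: str, action: str, now: Optional[float] = None) -> str:
    """Per-user, per-action, time-bucketed token: HMAC-SHA256 over tick|action|user."""
    tick = int((time.time() if now is None else now) // WINDOW)
    msg = f"{tick}|{action}|{user}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]


def verify_nonce(nonce: str, user: str, action: str, now: Optional[float] = None) -> bool:
    """Accept the current bucket and the previous one; compare in constant time."""
    now = time.time() if now is None else now
    for age in (0, WINDOW):
        expected = make_nonce(user, action, now - age)
        if hmac.compare_digest(nonce.encode(), expected.encode()):
            return True
    return False


def perform(req: Request) -> Tuple[int, str]:
    """The privileged action itself; reached only if the handler lets the request through."""
    if req.path in STATE_CHANGING:
        return 200, f"executed {req.path} as {req.user}"
    return 200, "ok"


def handle_no_check(req: Request) -> Tuple[int, str]:
    """No CSRF protection at all: a valid session cookie is enough."""
    return perform(req)


def handle_post_only(req: Request) -> Tuple[int, str]:
    """Token enforced only on POST: a state-changing GET never reaches the check."""
    if req.method == "POST" and not verify_nonce(req.params.get("_nonce", ""), req.user, req.path):
        return 403, "missing or invalid nonce"
    return perform(req)


def handle_hardened(req: Request) -> Tuple[int, str]:
    """Every state-changing route requires POST and a valid per-user, per-action nonce."""
    if req.path in STATE_CHANGING:
        if req.method != "POST":
            return 405, "state change requires POST"
        if not verify_nonce(req.params.get("_nonce", ""), req.user, req.path):
            return 403, "missing or invalid nonce"
    return perform(req)


# Constructed scenario: "admin" is logged in and visits an attacker-controlled page,
# which issues cross-site requests that the browser sends with admin's session cookie.
# The attacker cannot read admin's nonce, so the forged requests carry none.
VICTIM = "admin"
TARGET = "/admin/uploads/rm"
FORGED_PARAMS = {"cmd": "rm", "file": "config.php"}


def forged_get(handler) -> int:
    return handler(Request("GET", TARGET, VICTIM, dict(FORGED_PARAMS)))[0]


def forged_post(handler) -> int:
    return handler(Request("POST", TARGET, VICTIM, dict(FORGED_PARAMS)))[0]


def legitimate_post(handler) -> int:
    nonce = make_nonce(VICTIM, TARGET)  # what the genuine admin form embeds
    return handler(Request("POST", TARGET, VICTIM, {"cmd": "rm", "_nonce": nonce}))[0]


if __name__ == "__main__":
    for h in (handle_no_check, handle_post_only, handle_hardened):
        print(f"{h.__name__:18} forged GET={forged_get(h)}  forged POST={forged_post(h)}  "
              f"legitimate POST={legitimate_post(h)}")
```

Running it shows the no-check handler executing both forged requests, the POST-only handler rejecting the forged POST but still executing the forged GET (the Kallithea and Subrion bypass), and the hardened handler accepting only the POST that carries the victim's own nonce. Binding the nonce to user and action means a token captured from one form cannot be replayed against another route or another account, and `compare_digest` avoids leaking the token through timing. `SameSite=Lax` session cookies would stop the forged POST but are still sent on top-level GET navigations, which is one more reason a GET must never change state.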