Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18463 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 3.5 LOW | 2.4 LOW |
| Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. | |||||
| CVE-2020-18464 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 3.5 LOW | 3.5 LOW |
| Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. | |||||
| CVE-2021-20073 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2021-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | |||||
| CVE-2021-34661 | 1 Verygoodplugins | 1 Wp Fusion | 2021-08-16 | 4.3 MEDIUM | 4.7 MEDIUM |
| The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18. | |||||
| CVE-2020-18457 | 1 Bycms Project | 1 Bycms | 2021-08-16 | 6.0 MEDIUM | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. | |||||
| CVE-2020-18454 | 1 Bycms Project | 1 Bycms | 2021-08-16 | 6.0 MEDIUM | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | |||||
| CVE-2020-25562 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent. | |||||
| CVE-2020-21358 | 1 Wagecms Project | 1 Wage-cms | 2021-08-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | |||||
| CVE-2021-37381 | 1 Southsoft | 1 Graduate Management Information System | 2021-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1]. | |||||
| CVE-2021-37366 | 1 Ctparental Project | 1 Ctparental | 2021-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users. | |||||
| CVE-2021-34631 | 1 Ipdgroup | 1 Newsplugin | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. | |||||
| CVE-2021-34633 | 1 Youtube Feeder Project | 1 Youtube Feeder | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1. | |||||
| CVE-2021-34634 | 1 Sola-newsletters Project | 1 Sola-newsletters | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23. | |||||
| CVE-2021-23849 | 1 Bosch | 14 Aviotec, Aviotec Firmware, Cpp13 and 11 more | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera. | |||||
| CVE-2018-13040 | 1 Opendesa | 1 Opensid | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. | |||||
| CVE-2021-34637 | 1 Post Index Project | 1 Post Index | 2021-08-11 | 6.8 MEDIUM | 8.8 HIGH |
| The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5. | |||||
| CVE-2021-34632 | 1 Seo Backlinks Project | 1 Seo Backlinks | 2021-08-11 | 6.8 MEDIUM | 8.8 HIGH |
| The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1. | |||||
| CVE-2021-34628 | 1 Weblizar | 1 Admin Custom Login | 2021-08-11 | 6.8 MEDIUM | 8.8 HIGH |
| The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. | |||||
| CVE-2021-36543 | 1 Seeddms | 1 Seeddms | 2021-08-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | |||||
| CVE-2021-20783 | 1 Softbank | 2 Optical Bb Unit E-wmta, Optical Bb Unit E-wmta Firmware | 2021-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page. | |||||