Vulnerabilities (CVE)

Filtered by CWE-352
Total 7225 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8830 1 Commscope 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware 2021-07-21 6.8 MEDIUM 8.8 HIGH
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.
CVE-2020-1103 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged-in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
CVE-2020-15400 1 Cakefoundation 1 Cakephp 2021-07-21 4.3 MEDIUM 4.3 MEDIUM
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
CVE-2021-20781 1 Pluginus 1 Wordpress Meta Data And Taxonomies Filter 2021-07-15 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20782 1 Tipsandtricks-hq 1 Software License Manager 2021-07-15 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2017-8082 1 Concretecms 1 Concrete Cms 2021-07-15 4.3 MEDIUM 6.5 MEDIUM
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
CVE-2020-4938 1 Ibm 1 Mq Appliance 2021-07-14 6.8 MEDIUM 8.8 HIGH
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.
CVE-2020-23960 1 Fork-cms 1 Fork Cms 2021-07-12 6.8 MEDIUM 8.8 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator: (1) approving the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.
CVE-2020-20586 1 Xyhcms 1 Xyhcms 2021-07-12 3.5 LOW 4.5 MEDIUM
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
CVE-2021-20779 1 Codemiq 1 Wordpress Email Template Designer 2021-07-10 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20780 1 Wp-currency 1 Wordpress Currency Switcher 2021-07-10 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-22224 1 Gitlab 1 Gitlab 2021-07-09 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.
CVE-2021-32730 1 Xwiki 1 Xwiki 2021-07-09 4.3 MEDIUM 5.7 MEDIUM
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible to forge a URL that, when accessed by an admin, will reset the password of any user in XWiki. The problem has been patched in XWiki 12.10.5 and 13.2RC1. As a workaround, it is possible to apply the patch manually by modifying the `register_macros.vm` template.
CVE-2017-10961 1 Vanderbilt 1 Redcap 2021-07-01 6.8 MEDIUM 8.8 HIGH
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
CVE-2021-20580 1 Ibm 1 Planning Analytics 2021-06-30 4.3 MEDIUM 4.3 MEDIUM
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.
CVE-2021-34244 1 Icehrm 1 Icehrm 2021-06-25 6.8 MEDIUM 8.8 HIGH
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.
CVE-2021-32424 1 Trendnet 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware 2021-06-24 6.8 MEDIUM 8.8 HIGH
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router.
CVE-2016-10861 1 Neetcables 2 Airstream, Airstream Nas Firmware 2021-06-24 4.3 MEDIUM 6.5 MEDIUM
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
CVE-2020-20468 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 4.3 MEDIUM 6.5 MEDIUM
White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
CVE-2021-31659 1 Tp-link 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more 2021-06-23 6.8 MEDIUM 8.8 HIGH
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.