Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34547 | 1 Paessler | 1 Prtg Network Monitor | 2021-06-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation. | |||||
| CVE-2020-13663 | 1 Drupal | 1 Drupal | 2021-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | |||||
| CVE-2020-35759 | 1 Bloofox | 1 Bloofoxcms | 2021-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). | |||||
| CVE-2018-13031 | 1 Damicms | 1 Damicms | 2021-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | |||||
| CVE-2020-18265 | 1 Simple-log Project | 1 Simple-log | 2021-06-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". | |||||
| CVE-2020-18264 | 1 Simple-log Project | 1 Simple-log | 2021-06-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". | |||||
| CVE-2015-5258 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Social | 2021-06-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | |||||
| CVE-2020-35972 | 1 Yzmcms | 1 Yzmcms | 2021-06-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html. | |||||
| CVE-2020-26641 | 1 Idreamsoft | 1 Icms | 2021-06-03 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. | |||||
| CVE-2017-11649 | 1 Draytek | 2 Vigorap 910c, Vigorap 910c Firmware | 2021-06-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp. | |||||
| CVE-2021-26296 | 2 Apache, Netapp | 2 Myfaces, Oncommand Insight | 2021-06-02 | 5.1 MEDIUM | 7.5 HIGH |
| In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. | |||||
| CVE-2021-26033 | 1 Joomla | 1 Joomla\! | 2021-05-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. | |||||
| CVE-2021-26034 | 1 Joomla | 1 Joomla\! | 2021-05-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. | |||||
| CVE-2021-21549 | 1 Dell | 3 Xtremio Management Server, Xtremio X1, Xtremio X2 | 2021-05-28 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. | |||||
| CVE-2021-20096 | 1 Lucyparsonslabs | 1 Openoversight | 2021-05-28 | 5.8 MEDIUM | 8.1 HIGH |
| Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2020-25408 | 1 College Management System Project | 1 College Management System | 2021-05-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. | |||||
| CVE-2020-25411 | 1 Online Examination System Project | 1 Online Examination System | 2021-05-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. | |||||
| CVE-2021-32632 | 1 Pajbot | 1 Pajbot | 2021-05-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency. | |||||
| CVE-2021-32402 | 1 Intelbras | 2 Rf 301k, Rf 301k Firmware | 2021-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules. | |||||
| CVE-2020-24740 | 1 Pluck-cms | 1 Pluck | 2021-05-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage | |||||