Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3136 | 1 Dlink | 2 Dwr-113, Dwr-113 Firmware | 2020-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. | |||||
| CVE-2013-3935 | 1 Opsview | 2 Opsview, Opsview Core | 2020-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. | |||||
| CVE-2019-6027 | 1 Wpspellcheck | 1 Wpspellcheck | 2020-01-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2013-4665 | 1 Spbas | 1 Business Automation Software | 2020-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| SPBAS Business Automation Software 2012 has CSRF. | |||||
| CVE-2019-6030 | 1 Custom Body Class Project | 1 Custom Body Class | 2020-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-20071 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | |||||
| CVE-2017-18107 | 1 Atlassian | 1 Crowd | 2019-12-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default. | |||||
| CVE-2018-1934 | 1 Ibm | 1 Cognos Business Intelligence | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179. | |||||
| CVE-2019-17633 | 1 Eclipse | 1 Che | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it. | |||||
| CVE-2019-19832 | 1 Xerox | 2 Altalink C8035, Altalink C8035 Firmware | 2019-12-23 | 6.8 MEDIUM | 8.8 HIGH |
| Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) | |||||
| CVE-2019-4736 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2019-12-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706. | |||||
| CVE-2019-13930 | 1 Siemens | 1 Xhq | 2019-12-19 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-0398 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. | |||||
| CVE-2015-5318 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 6.8 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. | |||||
| CVE-2015-7537 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | |||||
| CVE-2019-19685 | 1 Nopcommerce | 1 Nopcommerce | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | |||||
| CVE-2019-18346 | 1 Davical | 1 Davical | 2019-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user. | |||||
| CVE-2019-4095 | 1 Ibm | 1 Cloud Pak System | 2019-12-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015. | |||||
| CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2019-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| katello-headpin is vulnerable to CSRF in REST API | |||||
| CVE-2019-15934 | 1 Intesync | 1 Solismed | 2019-12-13 | 6.8 MEDIUM | 8.8 HIGH |
| Intesync Solismed 3.3sp has CSRF. | |||||