Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10847 | 1 Computrols | 1 Computrols Building Automation Software | 2019-11-12 | 6.8 MEDIUM | 8.8 HIGH |
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | |||||
CVE-2019-18411 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-11-08 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own. | |||||
CVE-2019-8109 | 1 Magento | 1 Magento | 2019-11-07 | 6.0 MEDIUM | 8.0 HIGH |
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution. | |||||
CVE-2019-18650 | 1 Joomla | 1 Joomla! | 2019-11-06 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. | |||||
CVE-2019-13497 | 1 Oneidentity | 1 Cloud Access Manager | 2019-11-05 | 4.3 MEDIUM | 6.5 MEDIUM |
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | |||||
CVE-2019-18206 | 1 Zucchetti | 1 Infobusiness | 2019-11-05 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. | |||||
CVE-2019-9926 | 1 Labkey | 1 Labkey Server | 2019-11-01 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. | |||||
CVE-2019-1010095 | 1 Domainmod | 1 Domainmod | 2019-10-30 | 6.8 MEDIUM | 8.8 HIGH |
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page. | |||||
CVE-2019-1010096 | 1 Domainmod | 1 Domainmod | 2019-10-30 | 6.8 MEDIUM | 8.8 HIGH |
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | |||||
CVE-2010-4241 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2019-10-29 | 6.8 MEDIUM | 8.8 HIGH |
Tiki Wiki CMS Groupware 5.2 has CSRF. | |||||
CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2019-10-28 | 9.3 HIGH | 8.8 HIGH |
TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | |||||
CVE-2019-18414 | 1 Sourcecodester | 1 Restaurant Management System | 2019-10-28 | 6.8 MEDIUM | 8.8 HIGH |
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page. | |||||
CVE-2019-9597 | 1 Darktrace | 1 Enterprise Immune System | 2019-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint. | |||||
CVE-2019-9596 | 1 Darktrace | 1 Enterprise Immune System | 2019-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint. | |||||
CVE-2019-8234 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2019-6282 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password. | |||||
CVE-2019-18220 | 1 Sitemagic | 1 Sitemagic | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions. | |||||
CVE-2015-9498 | 1 Wpserveur | 1 Wps Hide Login | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. | |||||
CVE-2015-9497 | 1 Ad Inserter Project | 1 Ad Inserter | 2019-10-23 | 6.8 MEDIUM | 8.8 HIGH |
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | |||||
CVE-2014-8773 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 6.8 MEDIUM | N/A |
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. | |||||