Total
7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | |||||
CVE-2017-18485 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2019-08-15 | 5.8 MEDIUM | 5.4 MEDIUM |
Cognitoys Dino devices allow profiles_add.html CSRF. | |||||
CVE-2016-10862 | 1 Neetcables | 2 Airstream Nas, Airstream Nas Firmware | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. | |||||
CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | |||||
CVE-2016-10865 | 1 23systems | 1 Lightbox Plus Colorbox | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. | |||||
CVE-2016-10876 | 1 Wpseeds | 1 Wp Database Backup | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. | |||||
CVE-2019-14933 | 1 Webkul | 1 Bagisto | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
Bagisto 0.1.5 allows CSRF under /admin URIs. | |||||
CVE-2019-14703 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | |||||
CVE-2019-14346 | 1 Schben | 1 Adive | 2019-08-13 | 4.3 MEDIUM | 8.8 HIGH |
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | |||||
CVE-2019-7947 | 1 Magento | 1 Magento | 2019-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
CVE-2011-0447 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 6.8 MEDIUM | N/A |
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. | |||||
CVE-2008-5189 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | |||||
CVE-2019-7874 | 1 Magento | 1 Magento | 2019-08-07 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | |||||
CVE-2019-7873 | 1 Magento | 1 Magento | 2019-08-07 | 5.8 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. | |||||
CVE-2019-7851 | 1 Magento | 1 Magento | 2019-08-06 | 5.8 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | |||||
CVE-2019-7857 | 1 Magento | 1 Magento | 2019-08-06 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | |||||
CVE-2019-7865 | 1 Magento | 1 Magento | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. | |||||
CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | |||||
CVE-2019-14328 | 1 Simple-membership-plugin | 1 Simple Membership | 2019-08-05 | 6.8 MEDIUM | 8.8 HIGH |
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. | |||||
CVE-2019-3959 | 1 Wallaceit | 1 Wallacepos | 2019-08-02 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |