Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6134 | 1 Omniauth-oauth2 Project | 1 Omniauth-oauth2 | 2019-08-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state. | |||||
| CVE-2008-1977 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2019-08-01 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | |||||
| CVE-2008-1981 | 1 E-publish Project | 1 E-publish | 2019-08-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | |||||
| CVE-2019-14327 | 1 Custom Simple Rss Project | 1 Custom Simple Rss | 2019-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. | |||||
| CVE-2019-12826 | 1 Wpchef | 1 Widget Logic | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code. | |||||
| CVE-2012-4053 | 1 Ez | 1 Ez Publish | 2019-07-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-6262 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. | |||||
| CVE-2019-11712 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-9231 | 1 Audiocodes | 8 Mediant 500-mbsr, Mediant 500-mbsr Firmware, Mediant 500l-msbr and 5 more | 2019-07-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented. | |||||
| CVE-2019-13611 | 1 Python-engineio Project | 1 Python-engineio | 2019-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. | |||||
| CVE-2019-1010112 | 1 Phpcoo | 1 Oecms | 2019-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3. | |||||
| CVE-2019-7953 | 1 Adobe | 1 Experience Manager | 2019-07-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. | |||||
| CVE-2019-13961 | 1 Flatcore | 1 Flatcore | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | |||||
| CVE-2019-13974 | 1 Layerbb | 1 Layerbb | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | |||||
| CVE-2019-1010094 | 1 Domainmod | 1 Domainmod | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | |||||
| CVE-2019-13949 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. | |||||
| CVE-2013-2752 | 1 Netgear | 1 Raidiator | 2019-07-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. | |||||
| CVE-2013-4306 | 1 Mediawiki | 1 Mediawiki | 2019-07-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. | |||||
| CVE-2019-13594 | 1 Mirumee | 1 Saleor | 2019-07-17 | 6.8 MEDIUM | 8.8 HIGH |
| In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | |||||
| CVE-2019-12363 | 1 Mybb-2fa Project | 1 Mybb-2fa | 2019-07-17 | 6.8 MEDIUM | 8.8 HIGH |
| An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication. | |||||