Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12923 | 1 Mailenable | 1 Mailenable | 2019-07-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker. | |||||
| CVE-2019-5974 | 1 Contest-gallery | 1 Contest Gallery | 2019-07-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2018-13810 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2019-07-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2019-12466 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| Wikimedia MediaWiki through 1.32.1 allows CSRF. | |||||
| CVE-2018-12628 | 1 Eventum Project | 1 Eventum | 2019-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. | |||||
| CVE-2013-4963 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact. | |||||
| CVE-2013-1399 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet | 2019-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2019-12851 | 1 Jetbrains | 1 Youtrack | 2019-07-10 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. | |||||
| CVE-2018-11427 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2019-07-10 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. | |||||
| CVE-2019-13401 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2019-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | |||||
| CVE-2019-13183 | 1 Flarum | 1 Flarum | 2019-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. | |||||
| CVE-2019-5971 | 1 Sukimalab | 1 Attendance Manager | 2019-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5968 | 1 Weseek | 1 Growi | 2019-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'. | |||||
| CVE-2019-5960 | 1 Custom4web | 1 Wp Open Graph | 2019-07-08 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2018-10986 | 1 Open-xchange | 1 Ox Guard | 2019-07-05 | 6.8 MEDIUM | 8.8 HIGH |
| OX Guard 2.8.0 has CSRF. | |||||
| CVE-2019-13056 | 1 Cyberpanel | 1 Cyberpanel | 2019-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection. | |||||
| CVE-2019-12836 | 1 Bobronix | 1 Jeditor | 2019-06-25 | 6.8 MEDIUM | 8.8 HIGH |
| The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the context of an authenticated user, leading to stealing of session tokens and account takeover. | |||||
| CVE-2019-1874 | 1 Cisco | 1 Prime Service Catalog | 2019-06-24 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | |||||
| CVE-2018-17387 | 1 Ranksol | 1 Nimble Professional | 2019-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account. | |||||
| CVE-2017-8328 | 1 Securifi | 6 Almond, Almond\+, Almond\+firmware and 3 more | 2019-06-21 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change a user's password. Also this is a systemic issue. | |||||