Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11374 | 1 74cms | 1 74cms | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH |
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. | |||||
CVE-2019-1003010 | 2 Jenkins, Redhat | 2 Git, Openshift Container Platform | 2019-04-26 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. | |||||
CVE-2017-9963 | 1 Schneider-electric | 1 Powerscada Anywhere | 2019-04-23 | 5.8 MEDIUM | 8.1 HIGH |
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | |||||
CVE-2018-19969 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-04-22 | 6.8 MEDIUM | 8.8 HIGH |
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. | |||||
CVE-2018-17168 | 1 Printeron | 1 Printeron | 2019-04-19 | 4.3 MEDIUM | 6.5 MEDIUM |
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc). | |||||
CVE-2019-10642 | 1 Contao | 1 Contao Cms | 2019-04-18 | 6.8 MEDIUM | 8.8 HIGH |
Contao 4.7 allows CSRF. | |||||
CVE-2019-9176 | 1 Gitlab | 1 Gitlab | 2019-04-17 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF. | |||||
CVE-2016-8201 | 1 Brocade | 1 Virtual Traffic Manager | 2019-04-17 | 6.0 MEDIUM | 8.0 HIGH |
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | |||||
CVE-2018-16365 | 1 Idreamsoft | 1 Icms | 2019-04-16 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. | |||||
CVE-2018-16366 | 1 Idreamsoft | 1 Icms | 2019-04-16 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. | |||||
CVE-2018-19291 | 1 Dilicms | 1 Dilicms | 2019-04-16 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | |||||
CVE-2018-1999027 | 1 Jenkins | 1 Saltstack | 2019-04-16 | 6.8 MEDIUM | 7.5 HIGH |
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | |||||
CVE-2017-18366 | 1 Intelliants | 1 Subrion Cms | 2019-04-15 | 6.8 MEDIUM | 8.8 HIGH |
Subrion CMS 4.1.5 has CSRF in blog/delete/. | |||||
CVE-2019-11078 | 1 Mkcms Project | 1 Mkcms | 2019-04-11 | 6.8 MEDIUM | 8.8 HIGH |
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. | |||||
CVE-2019-10888 | 1 Ukcms | 1 Ukcms | 2019-04-07 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html. | |||||
CVE-2019-6607 | 1 F5 | 1 Big-ip Application Security Manager | 2019-04-05 | 6.0 MEDIUM | 6.8 MEDIUM |
On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. | |||||
CVE-2019-7440 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2019-04-02 | 4.3 MEDIUM | 6.5 MEDIUM |
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). | |||||
CVE-2014-7198 | 1 Openmicroscopy | 1 Omero | 2019-04-01 | 6.8 MEDIUM | 8.8 HIGH |
OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. | |||||
CVE-2019-10644 | 1 Hyphp | 1 Hybbs | 2019-04-01 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. | |||||
CVE-2019-9604 | 1 Online Lottery Php Readymade Script Project | 1 Online Lottery Php Readymade Script | 2019-04-01 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | |||||