Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-9787 | 1 Wordpress | 1 Wordpress | 2019-03-31 | 6.8 MEDIUM | 8.8 HIGH | WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
CVE-2019-10237 | 1 S-cms | 1 S-cms | 2019-03-28 | 6.8 MEDIUM | 8.8 HIGH | S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2019-03-26 | 6.8 MEDIUM | 8.8 HIGH | Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
CVE-2018-20641 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-25 | 6.8 MEDIUM | 8.8 HIGH | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
CVE-2018-20644 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2019-03-25 | 6.8 MEDIUM | 8.8 HIGH | PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
CVE-2019-7433 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2019-03-22 | 6.8 MEDIUM | 8.8 HIGH | PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
CVE-2018-20648 | 1 Car Rental Script Project | 1 Car Rental Script | 2019-03-22 | 6.8 MEDIUM | 8.8 HIGH | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
CVE-2018-17996 | 1 Layerbb | 1 Layerbb | 2019-03-22 | 5.8 MEDIUM | 6.5 MEDIUM | LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
CVE-2019-6967 | 1 Airties | 2 Air 5341, Air 5341 Firmware | 2019-03-22 | 6.8 MEDIUM | 8.8 HIGH | AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
CVE-2018-20633 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2019-03-21 | 6.8 MEDIUM | 8.8 HIGH | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
CVE-2017-6819 | 1 Wordpress | 1 Wordpress | 2019-03-19 | 4.3 MEDIUM | 6.5 MEDIUM | In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
CVE-2018-20231 | 1 Simbahosting | 1 Two-factor-authentication | 2019-03-15 | 6.8 MEDIUM | 8.8 HIGH | Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
CVE-2017-9064 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 6.8 MEDIUM | 8.8 HIGH | In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
CVE-2019-5920 | 1 Ncrafts | 1 Formcraft | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
CVE-2017-15730 | 1 Phpmyfaq | 1 Phpmyfaq | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2019-9769 | 1 Kartatopia | 1 Piluscart | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH | PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
CVE-2017-6081 | 1 Zammad | 1 Zammad | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
CVE-2015-4593 | 1 Eclinicalworks | 1 Population Health | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH | eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees.
CVE-2017-6069 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH | Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.
CVE-2017-6068 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH | Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.