Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3884 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-27 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2018-17858 | 1 Joomla | 1 Joomla\! | 2018-11-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | |||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2018-11-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | |||||
| CVE-2017-15608 | 1 Inedo | 1 Proget | 2018-11-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | |||||
| CVE-2018-18191 | 1 Finecms | 1 Finecms | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. | |||||
| CVE-2018-18215 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account. | |||||
| CVE-2018-17102 | 1 Quickappscms | 1 Quickapps Cms | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. | |||||
| CVE-2018-17104 | 1 Microweber | 1 Microweber | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | |||||
| CVE-2018-17826 | 1 Hisiphp | 1 Hisiphp | 2018-11-16 | 6.8 MEDIUM | 8.8 HIGH |
| HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico). | |||||
| CVE-2018-17069 | 1 Unlcms | 1 Unlcms | 2018-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. | |||||
| CVE-2018-17070 | 1 Unlcms | 1 Unlcms | 2018-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. | |||||
| CVE-2018-18735 | 1 Catfish-cms | 1 Catfish Blog | 2018-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | |||||
| CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2018-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. | |||||
| CVE-2018-18734 | 1 Catfish-cms | 1 Catfish Cms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | |||||
| CVE-2018-16314 | 1 Icmsdev | 1 Icms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | |||||
| CVE-2018-14769 | 1 Vivotek | 1 Camera | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | |||||
| CVE-2018-16345 | 1 Easycms | 1 Easycms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | |||||
| CVE-2018-17366 | 1 Mcms Project | 1 Mcms | 2018-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | |||||
| CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2018-11-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | |||||
| CVE-2017-15063 | 1 Intelliants | 1 Subrion | 2018-11-08 | 6.8 MEDIUM | 8.8 HIGH |
| There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | |||||