Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16338 | 1 Auracms | 1 Auracms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. | |||||
| CVE-2018-16387 | 1 Elefantcms | 1 Elefantcms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. | |||||
| CVE-2018-16448 | 1 Chshcms | 1 Cscms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | |||||
| CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | |||||
| CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2018-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | |||||
| CVE-2018-16331 | 1 Damicms | 1 Damicms | 2018-10-23 | 6.8 MEDIUM | 8.8 HIGH |
| admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | |||||
| CVE-2018-11718 | 1 Xovis | 6 Pc2, Pc2 Firmware, Pc2r and 3 more | 2018-10-22 | 6.8 MEDIUM | 8.8 HIGH |
| Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. | |||||
| CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2018-10-19 | 6.8 MEDIUM | 8.8 HIGH |
| \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | |||||
| CVE-2015-4639 | 1 Koha | 1 Koha | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name. | |||||
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2018-10-18 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | |||||
| CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2018-10-17 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | |||||
| CVE-2006-6741 | 1 Mkportal | 1 Mkportal | 2018-10-17 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | |||||
| CVE-2018-15851 | 1 Flexocms Project | 1 Flexo Cms | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. | |||||
| CVE-2018-15848 | 1 Portfoliocms Project | 1 Portfoliocms | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. | |||||
| CVE-2018-15850 | 1 Redaxo | 1 Redaxo Cms | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. | |||||
| CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2018-10-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | |||||
| CVE-2018-15844 | 1 Damicms | 1 Damicms | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | |||||
| CVE-2018-15846 | 1 Fledrcms Project | 1 Fledrcms | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. | |||||
| CVE-2018-15845 | 1 Gleezcms | 1 Gleez Cms | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | |||||
| CVE-2015-7446 | 1 Ibm | 5 Flashsystem 9846-ac2, Flashsystem 9846-ae2, Flashsystem 9848-ac2 and 2 more | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||