Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13445 | 1 Seacms | 1 Seacms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | |||||
CVE-2018-13340 | 1 Gleeztech | 1 Gleez Cms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | |||||
CVE-2018-12602 | 1 Lfdycms | 1 Lfcms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | |||||
CVE-2018-12603 | 1 Lfdycms | 1 Lfcms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | |||||
CVE-2018-12739 | 1 Beescms | 1 Beescms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | |||||
CVE-2018-13010 | 1 Wstmall | 1 Wstmall | 2018-08-24 | 6.8 MEDIUM | 8.8 HIGH |
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | |||||
CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 5.5 MEDIUM | 4.9 MEDIUM |
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | |||||
CVE-2018-1000514 | 1 Limesurvey | 1 Limesurvey | 2018-08-20 | 4.3 MEDIUM | 4.3 MEDIUM |
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x. | |||||
CVE-2018-12971 | 1 Easycms | 1 Easycms | 2018-08-20 | 5.8 MEDIUM | 6.5 MEDIUM |
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | |||||
CVE-2018-12582 | 1 Akcms Project | 1 Akcms | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. | |||||
CVE-2018-12583 | 1 Akcms Project | 1 Akcms | 2018-08-09 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. | |||||
CVE-2018-12659 | 1 Slims Akasia Project | 1 Slims Akasia | 2018-08-08 | 6.8 MEDIUM | 8.8 HIGH |
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | |||||
CVE-2017-5394 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-07 | 6.8 MEDIUM | 8.8 HIGH |
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
CVE-2018-12114 | 1 Maccms | 1 Maccms | 2018-08-03 | 6.8 MEDIUM | 8.8 HIGH |
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | |||||
CVE-2015-5996 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2018-07-28 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2018-12354 | 1 Knowage-suite | 1 Knowage | 2018-07-27 | 6.8 MEDIUM | 8.8 HIGH |
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. | |||||
CVE-2017-7635 | 1 Qnap | 1 Nas Proxy Server | 2018-07-12 | 6.8 MEDIUM | 8.8 HIGH |
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. | |||||
CVE-2018-11679 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | |||||
CVE-2018-11680 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. | |||||
CVE-2018-11538 | 1 Searchblox | 1 Searchblox | 2018-07-03 | 6.8 MEDIUM | 8.8 HIGH |
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. |