Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10166 | 1 Tp-link | 1 Eap Controller | 2018-06-12 | 6.8 MEDIUM | 8.8 HIGH |
| The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10758 | 1 Datenstrom | 1 Yellow | 2018-06-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | |||||
| CVE-2018-1479 | 1 Ibm | 1 Bigfix Platform | 2018-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. | |||||
| CVE-2018-10295 | 1 Chemcms Project | 1 Chemcms | 2018-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. | |||||
| CVE-2018-10265 | 1 Hongcms Project | 1 Hongcms | 2018-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI. | |||||
| CVE-2018-10266 | 1 Beescms | 1 Beescms | 2018-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI. | |||||
| CVE-2016-9092 | 1 Symantec | 2 Content Analysis, Mail Threat Defense | 2018-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | |||||
| CVE-2013-0663 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2018-05-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. | |||||
| CVE-2018-10222 | 1 Icmsdev | 1 Icms | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. | |||||
| CVE-2018-10137 | 1 Iscripts | 1 Uberforx | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | |||||
| CVE-2018-10132 | 1 Pbootcms | 1 Pbootcms | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. | |||||
| CVE-2018-10249 | 1 Baijiacms Project | 1 Baijiacms | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account. | |||||
| CVE-2018-10188 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. | |||||
| CVE-2018-10185 | 1 Tuzicms | 1 Tuzicms | 2018-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call. | |||||
| CVE-2016-5809 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2018-05-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. | |||||
| CVE-2018-10117 | 1 Icmsdev | 1 Icms | 2018-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. | |||||
| CVE-2018-10224 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. | |||||
| CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | |||||
| CVE-2018-1000153 | 1 Jenkins | 1 Vsphere | 2018-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection"). | |||||
| CVE-2018-6874 | 1 Auth0 | 1 Auth0.js | 2018-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | |||||