Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6467 | 1 Flickrrss Project | 1 Flickrrss | 2018-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. | |||||
| CVE-2014-9502 | 1 Open Atrium Project | 1 Open Atrium | 2018-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | |||||
| CVE-2017-4951 | 1 Vmware | 1 Airwatch | 2018-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices. | |||||
| CVE-2018-6408 | 1 Conceptronic | 3 Cipcamptiwl, Cipcamptiwl Firmware, Cipcamptiwl Web Firmware | 2018-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. | |||||
| CVE-2015-4179 | 1 Codestyling Localization Project | 1 Codestyling Localization | 2018-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress. | |||||
| CVE-2017-9414 | 1 Subsonic | 1 Subsonic | 2018-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. | |||||
| CVE-2018-5720 | 1 Dodocool | 2 Dc38, Dc38 Firmware | 2018-02-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc. | |||||
| CVE-2016-4319 | 1 Atlassian | 1 Jira | 2018-02-16 | 6.8 MEDIUM | 8.8 HIGH |
| Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | |||||
| CVE-2018-6007 | 1 Joomsky | 1 Js Support Ticket | 2018-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | |||||
| CVE-2017-1000356 | 1 Jenkins | 1 Jenkins | 2018-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. | |||||
| CVE-2016-7034 | 1 Redhat | 1 Jboss Bpm Suite | 2018-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | |||||
| CVE-2018-6391 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2018-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. | |||||
| CVE-2018-0509 | 1 Kkcald Project | 1 Kkcald | 2018-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-18080 | 1 Atlassian | 1 Bamboo | 2018-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2018-5976 | 1 Rsvp Invitation Online Project | 1 Rsvp Invitation Online | 2018-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | |||||
| CVE-2018-5969 | 1 Photography Cms Project | 1 Photography Cms | 2018-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | |||||
| CVE-2018-6009 | 1 Yiiframework | 1 Yiiframework | 2018-02-09 | 6.8 MEDIUM | 8.8 HIGH |
| In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | |||||
| CVE-2017-1769 | 1 Ibm | 1 Business Process Manager | 2018-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783. | |||||
| CVE-2018-1000014 | 1 Jenkins | 1 Translation Assistance | 2018-02-07 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator. | |||||
| CVE-2018-1000013 | 1 Jenkins | 1 Release | 2018-02-07 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. | |||||