Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3836 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors. | |||||
| CVE-2014-9041 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. | |||||
| CVE-2012-2397 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. | |||||
| CVE-2013-0301 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter. | |||||
| CVE-2013-0299 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php. | |||||
| CVE-2012-4393 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/. | |||||
| CVE-2012-4753 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-0300 | 1 Owncloud | 1 Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php. | |||||
| CVE-2025-2163 | 1 Zoorum | 1 Zoorum Comments | 2025-03-28 | N/A | 5.4 MEDIUM |
| The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-26350 | 1 Flusity | 1 Flusity | 2025-03-28 | N/A | 8.8 HIGH |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php | |||||
| CVE-2025-31438 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery. This issue affects WP Supersized: from n/a through 3.1.6. | |||||
| CVE-2025-31459 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1. | |||||
| CVE-2025-31440 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use allows Stored XSS. This issue affects Terms of Use: from n/a through 2.0. | |||||
| CVE-2025-31010 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3. | |||||
| CVE-2025-31456 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery. This issue affects Ultimate Security Checker: from n/a through 4.2. | |||||
| CVE-2025-31460 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3. | |||||
| CVE-2025-31447 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks All in One Social Share Tools allows Cross Site Request Forgery. This issue affects NertWorks All in One Social Share Tools: from n/a through 1.26. | |||||
| CVE-2025-31474 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3. | |||||
| CVE-2025-31449 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter allows Stored XSS. This issue affects The Visitor Counter: from n/a through 1.4.3. | |||||
| CVE-2025-31448 | 2025-03-28 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler allows Cross Site Request Forgery. This issue affects Simple Trackback Disabler: from n/a through 1.4. | |||||