Total: 904 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10480 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request. | |||||
| CVE-2020-10481 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | |||||
| CVE-2020-10483 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | |||||
| CVE-2020-10484 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | |||||
| CVE-2020-10485 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. | |||||
| CVE-2020-10486 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. | |||||
| CVE-2020-10487 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request. | |||||
| CVE-2020-10488 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request. | |||||
| CVE-2020-10489 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request. | |||||
| CVE-2020-10490 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request. | |||||
| CVE-2020-10491 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request. | |||||
| CVE-2020-10492 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request. | |||||
| CVE-2020-10493 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request. | |||||
| CVE-2020-10494 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request. | |||||
| CVE-2020-10495 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request. | |||||
| CVE-2020-10496 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request. | |||||
| CVE-2020-10497 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request. | |||||
| CVE-2020-10498 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request. | |||||
| CVE-2020-10499 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request. | |||||
| CVE-2020-10500 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request. | |||||
| CVE-2020-10501 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request. | |||||
| CVE-2020-10502 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request. | |||||
| CVE-2020-10503 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request. | |||||
| CVE-2020-10504 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request. | |||||
| CVE-2020-4199 | 1 Ibm | 1 Tivoli Netcool/omnibus | 2020-03-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910. | |||||
| CVE-2019-13199 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | |||||
| CVE-2019-13170 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | |||||
| CVE-2019-4726 | 1 Ibm | 1 Sterling B2b Integrator | 2020-03-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363. | |||||
| CVE-2020-6206 | 1 Sap | 1 Cloud Platform Integration | 2020-03-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery. | |||||
| CVE-2019-16107 | 1 Phpbb | 1 Phpbb | 2020-03-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. | |||||
| CVE-2020-2147 | 1 Jenkins | 1 Mac | 2020-03-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2020-2141 | 1 Jenkins | 1 P4 | 2020-03-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce. | |||||
| CVE-2019-12273 | 1 Outsystems | 1 Outsystems | 2020-03-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name. NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists. | |||||
| CVE-2017-8848 | 1 Allen Disk Project | 1 Allen Disk | 2020-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | |||||
| CVE-2019-19987 | 1 Seling | 1 Visual Access Manager | 2020-02-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on. | |||||
| CVE-2020-9018 | 1 Litecart | 1 Litecart | 2020-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. | |||||
| CVE-2019-19662 | 1 Maxum | 1 Rumpus Ftp | 2020-02-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. | |||||
| CVE-2019-12246 | 1 Silverstripe | 1 Silverstripe | 2020-02-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | |||||
| CVE-2020-9266 | 1 Soplanning | 1 Soplanning | 2020-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. | |||||
| CVE-2020-9267 | 1 Soplanning | 1 Soplanning | 2020-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. | |||||
| CVE-2020-9271 | 1 Icehrm | 1 Icehrm | 2020-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. | |||||
| CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2020-02-18 | 3.5 LOW | 5.5 MEDIUM |
| PrestaShop before 1.4.11 allows logout CSRF. | |||||
| CVE-2013-2108 | 1 Undolog | 1 Cleanfix | 2020-02-18 | 4.3 MEDIUM | 5.4 MEDIUM |
| WordPress WP Cleanfix Plugin 2.4.4 has CSRF | |||||
| CVE-2012-6721 | 1 Socialengine | 1 Socialengine | 2020-02-12 | 6.8 MEDIUM | 6.3 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | |||||
| CVE-2019-19667 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 5.8 MEDIUM | 5.4 MEDIUM |
| A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. | |||||
| CVE-2019-19666 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. | |||||
| CVE-2019-19669 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. | |||||
| CVE-2019-19668 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. | |||||
| CVE-2019-19660 | 1 Maxum | 1 Rumpus | 2020-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html. | |||||
| CVE-2019-19665 | 1 Maxum | 1 Rumpus | 2020-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. | |||||
