Total: 904 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9598 | 1 Chshcms | 1 Cscms | 2019-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds. | |||||
| CVE-2019-9603 | 1 1234n | 1 Minicms | 2019-03-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891. | |||||
| CVE-2019-9052 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. | |||||
| CVE-2019-9051 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. | |||||
| CVE-2019-9049 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. | |||||
| CVE-2019-9048 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. | |||||
| CVE-2019-8902 | 1 Idreamsoft | 1 Icms | 2019-02-19 | 4.9 MEDIUM | 5.7 MEDIUM |
| An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. | |||||
| CVE-2019-7738 | 1 C.p.sub Project | 1 C.p.sub | 2019-02-13 | 5.8 MEDIUM | 6.5 MEDIUM |
| C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | |||||
| CVE-2019-7730 | 1 Mywebsql | 1 Mywebsql | 2019-02-12 | 4.9 MEDIUM | 5.7 MEDIUM |
| MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | |||||
| CVE-2019-7570 | 1 Pbootcms | 1 Pbootcms | 2019-02-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | |||||
| CVE-2018-19829 | 1 Artica | 1 Integria Ims | 2019-01-30 | 5.8 MEDIUM | 6.5 MEDIUM |
| Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | |||||
| CVE-2018-1000411 | 1 Jenkins | 1 Junit | 2019-01-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result. | |||||
| CVE-2018-20576 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2019-01-23 | 5.8 MEDIUM | 5.4 MEDIUM |
| Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2018-18921 | 1 Phpservermonitor | 1 Php Server Monitor | 2019-01-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. | |||||
| CVE-2018-2474 | 1 Sap | 1 Fiori | 2019-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection. | |||||
| CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-01-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow an attacker to force an APM webtop session to log out and require re-authentication. | |||||
| CVE-2018-8892 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | |||||
| CVE-2018-19621 | 1 Showdoc | 1 Showdoc | 2018-12-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. | |||||
| CVE-2018-16832 | 1 Xunfeng Project | 1 Xunfeng | 2018-12-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. | |||||
| CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2018-12-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. | |||||
| CVE-2018-19334 | 1 Google | 1 Monorail | 2018-12-18 | 4.3 MEDIUM | 5.3 MEDIUM |
| Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. | |||||
| CVE-2018-10099 | 1 Google | 1 Monorail | 2018-12-18 | 4.3 MEDIUM | 5.3 MEDIUM |
| Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | |||||
| CVE-2018-19376 | 1 Greencms | 1 Greencms | 2018-12-18 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. | |||||
| CVE-2018-18760 | 1 Saltos | 1 Rhinos | 2018-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| RhinOS 3.0 build 1190 allows CSRF. | |||||
| CVE-2018-19319 | 1 Srcms Project | 1 Srcms | 2018-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | |||||
| CVE-2018-13398 | 1 Atlassian | 2 Crucible, Fisheye | 2018-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2018-11-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | |||||
| CVE-2017-15608 | 1 Inedo | 1 Proget | 2018-11-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | |||||
| CVE-2018-17069 | 1 Unlcms | 1 Unlcms | 2018-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. | |||||
| CVE-2018-17070 | 1 Unlcms | 1 Unlcms | 2018-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. | |||||
| CVE-2018-11502 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2018-10-31 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. | |||||
| CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | |||||
| CVE-2018-16315 | 1 Bijiadao | 1 Waimai Super Cms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | |||||
| CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | |||||
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2018-10-18 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | |||||
| CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2018-10-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | |||||
| CVE-2018-13394 | 1 Atlassian | 1 Questions For Confluence | 2018-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2018-13393 | 1 Atlassian | 1 Questions For Confluence | 2018-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2018-15569 | 1 Mylittleforum | 1 My Little Forum | 2018-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| my little forum 2.4.12 allows CSRF for deletion of users. | |||||
| CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2018-10-09 | 3.5 LOW | 5.7 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shut down a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | |||||
| CVE-2018-15203 | 1 Ignitedcms Project | 1 Ignitedcms | 2018-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. | |||||
| CVE-2018-16449 | 1 Onethink | 1 Onethink | 2018-10-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | |||||
| CVE-2018-1000507 | 1 Jjj | 1 Wp User Groups | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that can allow anybody to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1. | |||||
| CVE-2018-1000505 | 1 Tooltipy | 1 Tooltipy | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that could allow anybody to duplicate posts. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been fixed in 5.1. | |||||
| CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 5.5 MEDIUM | 4.9 MEDIUM |
| A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | |||||
| CVE-2018-1000514 | 1 Limesurvey | 1 Limesurvey | 2018-08-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can be used against admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x. | |||||
| CVE-2018-12971 | 1 Easycms | 1 Easycms | 2018-08-20 | 5.8 MEDIUM | 6.5 MEDIUM |
| EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | |||||
| CVE-2018-12583 | 1 Akcms Project | 1 Akcms | 2018-08-09 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. | |||||
| CVE-2018-11680 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. | |||||
| CVE-2018-11632 | 1 Multidots | 1 Add Social Share Messenger Buttons Whatsapp And Viber | 2018-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function. | |||||
