Total
8013 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18264 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". | |||||
| CVE-2020-18198 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | |||||
| CVE-2020-18195 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | |||||
| CVE-2020-18157 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | |||||
| CVE-2020-18151 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | |||||
| CVE-2020-18129 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | |||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | |||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | |||||
| CVE-2020-17901 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | |||||
| CVE-2020-16610 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. | |||||
| CVE-2020-16256 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The API on Winston 1.5.4 devices is vulnerable to CSRF. | |||||
| CVE-2020-16253 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| The PgHero gem through 2.6.0 for Ruby allows CSRF. | |||||
| CVE-2020-16252 | 1 Field Test Project | 1 Field Test | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | |||||
| CVE-2020-16208 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). | |||||
| CVE-2020-15882 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. | |||||
| CVE-2020-15789 | 1 Siemens | 1 Polarion Subversion Webclient | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. | |||||
| CVE-2020-15711 | 1 Misp | 1 Misp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. | |||||
| CVE-2020-15700 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. | |||||
| CVE-2020-15695 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. | |||||
| CVE-2020-15660 | 1 Mozilla | 1 Geckodriver | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution. | |||||