Total
7828 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10758 | 1 Datenstrom | 1 Yellow | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | |||||
CVE-2018-10696 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs. | |||||
CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||
CVE-2018-10503 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser. | |||||
CVE-2018-10295 | 1 Chemcms Project | 1 Chemcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. | |||||
CVE-2018-10267 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI. | |||||
CVE-2018-10266 | 1 Beescms | 1 Beescms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI. | |||||
CVE-2018-10265 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI. | |||||
CVE-2018-10249 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account. | |||||
CVE-2018-10233 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin. | |||||
CVE-2018-10232 | 1 Topdesk | 1 Topdesk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors. | |||||
CVE-2018-10224 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. | |||||
CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | |||||
CVE-2018-10222 | 1 Icmsdev | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. | |||||
CVE-2018-10188 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. | |||||
CVE-2018-10185 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call. | |||||
CVE-2018-10166 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-10137 | 1 Iscripts | 1 Uberforx | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | |||||
CVE-2018-10132 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. | |||||
CVE-2018-10127 | 1 Xyhcms Project | 1 Xyhcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role. |