Vulnerabilities (CVE)

Filtered by CWE-352
Total 7863 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3187 1 Dotcms 1 Dotcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application.
CVE-2017-2613 1 Jenkins 1 Jenkins 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
CVE-2017-20120 1 Trueconf 1 Server 2024-11-21 6.8 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20091 1 Wpjos 1 Library File Manager 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.
CVE-2017-20090 1 Global Content Blocks Project 1 Global Content Blocks 2024-11-21 6.8 MEDIUM 4.3 MEDIUM
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.
CVE-2017-20088 1 Bytesforall 1 Atahualpa 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
CVE-2017-20065 1 Supsystic 1 Popup 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20062 1 Elefantcms 1 Elefant Cms 2024-11-21 6.8 MEDIUM 5.0 MEDIUM
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20053 1 Xyzscripts 1 Contact Form Manager 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20045 1 Vendavo 1 Pricepoint 2024-11-21 6.8 MEDIUM 7.3 HIGH
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20020 1 Solar-log 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more 2024-11-21 6.8 MEDIUM 5.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-1769 1 Ibm 1 Business Process Manager 2024-11-21 6.8 MEDIUM 8.8 HIGH
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
CVE-2017-1672 1 Ibm 1 Security Key Lifecycle Manager 2024-11-21 6.8 MEDIUM 8.8 HIGH
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
CVE-2017-18903 1 Mattermost 1 Mattermost Server 2024-11-21 5.1 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
CVE-2017-18861 1 Netgear 1 Readynas Surveillance 2024-11-21 7.9 HIGH 8.0 HIGH
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
CVE-2017-18852 1 Netgear 8 R7300dst, R7300dst Firmware, R8300 and 5 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.
CVE-2017-18848 1 Netgear 8 Ac1450, Ac1450 Firmware, R6300 and 5 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.
CVE-2017-18842 1 Netgear 10 D2200d, D2200d Firmware, D2200dw-1frnas and 7 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.
CVE-2017-18791 1 Netgear 26 D7000, D7000 Firmware, Jnr1010 and 23 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.
CVE-2017-18782 1 Netgear 36 D6200, D6200 Firmware, D7000 and 33 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.