Vulnerabilities (CVE)

Filtered by CWE-352
Total 7828 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18513 1 Expresstech 1 Responsive Menu 2024-11-21 6.8 MEDIUM 8.8 HIGH
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
CVE-2017-18512 1 Supsystic 1 Newsletter By Supsystic 2024-11-21 6.8 MEDIUM 8.8 HIGH
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
CVE-2017-18511 1 Wpmudev 1 Custom Sidebars 2024-11-21 6.8 MEDIUM 8.8 HIGH
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
CVE-2017-18510 1 Wpmudev 1 Custom Sidebars 2024-11-21 6.8 MEDIUM 8.8 HIGH
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
CVE-2017-18504 1 Wpdeveloper 1 Twitter Cards Meta 2024-11-21 6.8 MEDIUM 8.8 HIGH
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
CVE-2017-18485 1 Elementalpath 2 Cognitoys Dino, Cognitoys Dino Firmware 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
Cognitoys Dino devices allow profiles_add.html CSRF.
CVE-2017-18366 1 Intelliants 1 Subrion Cms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Subrion CMS 4.1.5 has CSRF in blog/delete/.
CVE-2017-18107 1 Atlassian 1 Crowd 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.
CVE-2017-18080 1 Atlassian 1 Bamboo 2024-11-21 6.8 MEDIUM 8.8 HIGH
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-18042 1 Atlassian 1 Bamboo 2024-11-21 6.8 MEDIUM 8.8 HIGH
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-18033 1 Atlassian 1 Jira 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
CVE-2017-17835 1 Apache 1 Airflow 2024-11-21 6.8 MEDIUM 8.8 HIGH
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
CVE-2017-17552 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 6.8 MEDIUM 8.8 HIGH
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
CVE-2017-17550 1 Zyxel 2 Zywall Usg 100, Zywall Usg 100 Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
CVE-2017-16886 1 Fiberhome 2 Lm53q1, Lm53q1 Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.
CVE-2017-16862 1 Atlassian 1 Jira 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-16756 1 Userscape 1 Helpspot 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.
CVE-2017-15608 1 Inedo 1 Proget 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
CVE-2017-12790 1 Metinfo 1 Metinfo 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
CVE-2017-12789 1 Metinfo 1 Metinfo 2024-11-21 6.8 MEDIUM 8.8 HIGH
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.