Total: 8017 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5789 | 1 Jantek | 2 Jtc-200, Jtc-200 Firmware | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | |||||
CVE-2017-9365 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | |||||
CVE-2017-5476 | 1 S9y | 1 Serendipity | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | |||||
CVE-2016-4928 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | |||||
CVE-2016-4879 | 1 Basercms | 2 Basercms, Mail | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2017-5169 | 1 Hanwha-security | 1 Smart Security Manager | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
An issue was discovered in Hanwha Techwin Smart Security Manager versions 1.5 and prior. Multiple cross-site request forgery vulnerabilities have been identified in the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP POST requests, an attacker can gain system-level access to a remote shell session; these vulnerabilities can allow for remote code execution. | |||||
CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |||||
CVE-2017-6180 | 1 Keekoonvision | 2 Kk002 Ip Camera, Kk002 Ip Camera Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Keekoon KK002 devices 1.8.12 HD have a cross-site request forgery vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). | |||||
CVE-2017-12589 | 1 Tomaxcom | 4 R60g, R60g Firmware, R60gv2 and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. | |||||
CVE-2017-16780 | 1 Mybb | 1 Mybb | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | |||||
CVE-2017-1097 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. | |||||
CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | |||||
CVE-2016-5372 | 1 Netapp | 1 Snap Creator Framework | 2025-04-20 | 6.8 MEDIUM | 6.3 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | |||||
CVE-2017-2244 | 1 Brother | 2 Mfc-j960dwn, Mfc-j960dwn Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2016-9975 | 1 Ibm | 2 Dashboard Application Services Hub, Jazz For Service Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | |||||
CVE-2017-8874 | 1 Acquia | 1 Mautic | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. | |||||
CVE-2017-7852 | 1 Dlink | 52 Dcs-2132l, Dcs-2132l Firmware, Dcs-2136l and 49 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DCS cameras have a weak/insecure crossdomain.xml file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because the domain attribute of the allow-access-from element is set to *, so requests from any domain are accepted. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another browser tab, the malicious Flash file can then send requests to the victim's DCS series camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve live feeds or information from the victim's DCS series camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. | |||||
CVE-2016-10701 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | |||||
CVE-2017-5145 | 1 Carlosgavazzi | 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware version A11_U05, and VMU-C PV prior to firmware version A17. Successful exploitation of this cross-site request forgery (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | |||||
CVE-2017-1000092 | 1 Jenkins | 1 Git | 2025-04-20 | 2.6 LOW | 7.5 HIGH |
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server. |
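Most entries in this list share one pattern: a state-changing endpoint that trusts the session cookie alone, so a page the victim merely visits can fire the request (the BigTree CMS row, where a GET with `?force=false` unlocks a page, and the Jenkins Git plugin row, where a crafted link drives a form-validation request, are the most explicit). The following is an added example, not code from any of the products listed, showing that pattern beside the checks a fix needs: POST only, an Origin header that matches the site when present, and a token bound to the session and compared in constant time. The request model, `cms.example`/`evil.example` origins, session id and page-lock state are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs


@dataclass
class Request:
    """Hypothetical minimal HTTP request model, constructed for this example."""
    method: str
    path: str
    query: str = ""                 # raw query string
    body: str = ""                  # raw form body (application/x-www-form-urlencoded)
    session_id: str = ""            # session cookie the browser attached automatically
    origin: Optional[str] = None    # Origin header; browsers send it on cross-site POSTs


# Per-deployment secret and the site's own origin (both hypothetical values).
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://cms.example"


def new_state() -> Dict:
    """Constructed server state: one logged-in admin session and one locked page."""
    return {"sessions": {"sess-victim": "admin"}, "locked": True}


def unlock_page_vulnerable(req: Request, state: Dict) -> Tuple[int, str]:
    """Pattern behind the BigTree CMS entry: a state change driven by a query
    parameter on GET and gated only by the session cookie, so any page the
    victim visits can fire it with an <img> or <script> tag."""
    if req.session_id not in state["sessions"]:
        return 403, "not logged in"
    force = parse_qs(req.query).get("force", ["true"])[0]
    if force == "false":
        state["locked"] = False
    return 200, "unlocked"


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token derived from the session id with a server-side key:
    no extra server state, and a token from one session is useless in another."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def unlock_page_hardened(req: Request, state: Dict) -> Tuple[int, str]:
    """Same action with the three checks a CSRF fix needs: POST only, Origin
    must match our site when the browser sent one, and a session-bound token."""
    if req.session_id not in state["sessions"]:
        return 403, "not logged in"
    if req.method != "POST":
        return 405, "state changes require POST"
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return 403, "cross-site origin rejected"
    form = parse_qs(req.body)
    token = form.get("csrf_token", [""])[0]
    # compare_digest: constant-time comparison, so the token cannot be guessed byte by byte
    if not hmac.compare_digest(token, csrf_token_for(req.session_id)):
        return 403, "missing or invalid CSRF token"
    if form.get("force", ["true"])[0] == "false":
        state["locked"] = False
    return 200, "unlocked"


def run_scenarios() -> Dict[str, Tuple[int, bool]]:
    """Replays constructed requests; returns (status, page still locked) per case."""
    results = {}

    # 1. Forged GET from an attacker page, e.g.
    #    <img src="https://cms.example/admin/pages/revisions/1/?force=false">
    forged_get = Request("GET", "/admin/pages/revisions/1/", query="force=false",
                         session_id="sess-victim")
    state = new_state()
    status, _ = unlock_page_vulnerable(forged_get, state)
    results["vulnerable_forged_get"] = (status, state["locked"])

    state = new_state()
    status, _ = unlock_page_hardened(forged_get, state)
    results["hardened_forged_get"] = (status, state["locked"])

    # 2. Forged cross-site POST (auto-submitted form); the browser adds Origin
    forged_post = Request("POST", "/admin/pages/revisions/1/", body="force=false",
                          session_id="sess-victim", origin="https://evil.example")
    state = new_state()
    status, _ = unlock_page_hardened(forged_post, state)
    results["hardened_forged_post"] = (status, state["locked"])

    # 3. Legitimate POST from our own form, carrying the session-bound token
    legit = Request("POST", "/admin/pages/revisions/1/",
                    body="force=false&csrf_token=" + csrf_token_for("sess-victim"),
                    session_id="sess-victim", origin=SITE_ORIGIN)
    state = new_state()
    status, _ = unlock_page_hardened(legit, state)
    results["hardened_legit_post"] = (status, state["locked"])
    return results


if __name__ == "__main__":
    for case, (status, locked) in run_scenarios().items():
        print(f"{case:24s} status={status} locked={locked}")
```

The Origin check is a backstop rather than the primary defence: a cross-site `<img>` GET carries no Origin header at all, which is why the method check and the token are still required, and why the vulnerable handler falls to the plain GET while the hardened one rejects it before any parameter is read.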
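The D-Link DCS entry is a CSRF variant that bypasses same-origin policy through a Flash cross-domain policy rather than through a missing token: `allow-access-from domain="*"` in crossdomain.xml lets Flash content from any origin make credentialed requests to the device and read the responses. As an added example (not D-Link's file or a check from any listed vendor), the following audits a policy for the settings a reviewer looks for and shows a constructed hardened replacement; the hostname `portal.camera-vendor.example` is hypothetical.

```python
import xml.etree.ElementTree as ET
from typing import List

# Constructed policies: the first mirrors the wildcard the D-Link entry describes,
# the second is a hardened replacement that names one HTTPS-only origin.
WEAK_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

FIXED_POLICY = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="portal.camera-vendor.example" secure="true" />
</cross-domain-policy>"""


def audit_crossdomain(xml_text: str) -> List[str]:
    """Returns one finding per risky setting in a crossdomain.xml; an empty list
    means nothing flagged. Checks: any wildcard in allow-access-from lets Flash
    content from every (sub)domain send credentialed requests and read replies;
    secure="false" extends a policy served over HTTPS to plain-HTTP content;
    a wildcard in allow-http-request-headers-from lets those requests carry
    arbitrary headers as well."""
    findings: List[str] = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [f"unexpected root element <{root.tag}>"]

    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append('allow-access-from domain="*": every origin may make credentialed requests')
        elif domain.startswith("*."):
            findings.append(f'allow-access-from domain="{domain}": every subdomain is trusted')
        if el.get("secure", "true").lower() == "false":
            findings.append(f'allow-access-from domain="{domain}" secure="false": '
                            'policy also honoured for plain-HTTP Flash content')

    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            findings.append('allow-http-request-headers-from domain="*": any origin may send custom headers')

    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(name, audit_crossdomain(policy) or ["clean"])
```

Run it against `http://<device>/crossdomain.xml` fetched from a camera under test; a non-empty result on a device whose web console uses cookie sessions is exactly the condition the D-Link entry describes, because the policy, not the application's own CSRF defence, decides whether a foreign SWF can act as the logged-in user.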