Total
8046 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6081 | 1 Zammad | 1 Zammad | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie. | |||||
| CVE-2016-4886 | 1 Basercms | 1 Basercms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-3794 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. | |||||
| CVE-2017-14925 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. | |||||
| CVE-2016-6045 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2017-7556 | 1 Hawt | 1 Hawtio | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user. | |||||
| CVE-2016-8718 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. | |||||
| CVE-2017-6917 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed. | |||||
| CVE-2017-8836 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface. | |||||
| CVE-2017-5959 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. | |||||
| CVE-2017-7557 | 1 Powerdns | 1 Dnsdist | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | |||||
| CVE-2017-9519 | 1 Atmail | 1 Atmail | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | |||||
| CVE-2017-15734 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | |||||
| CVE-2017-1000244 | 1 Jenkins | 1 Favorite | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | |||||
| CVE-2015-8624 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. | |||||
| CVE-2015-4619 | 1 Denkgroot | 1 Spina | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. | |||||
| CVE-2017-9415 | 1 Subsonic | 1 Subsonic | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
| Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. | |||||
| CVE-2017-5475 | 1 S9y | 1 Serendipity | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | |||||
| CVE-2017-10961 | 1 Vanderbilt | 1 Redcap | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | |||||
| CVE-2016-4891 | 1 Setucocms Project | 1 Setucocms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | |||||