Total: 7648 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-36542 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in /op/op.LockDocument.php in SeedDMS v5.1.x < 5.1.23 and v6.0.x < 6.0.16 allows a remote attacker to lock any document without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVE-2021-35491 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the userName parameter of /enginemanager/server/user/delete.htm. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14.
CVE-2021-35343 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in /op/op.Ajax.php in SeedDMS v5.1.x < 5.1.23 and v6.0.x < 6.0.16 allows a remote attacker to edit a document's name without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVE-2021-35242 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH | The Serv-U server responds with a valid CSRFToken when the request contains only the Session value.
CVE-2021-34773 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.
CVE-2021-34743 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM | A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile.
CVE-2021-34661 | 1 Verygoodplugins | 1 Wp Fusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file, which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18.
CVE-2021-34645 | 1 Wpeasycart | 1 Shopping Cart & Ecommerce Store | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0.
CVE-2021-34637 | 1 Post Index Project | 1 Post Index | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.
CVE-2021-34636 | 1 Wpdevart | 1 Countdown And Countup, Woocommerce Sales Timer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7.
CVE-2021-34634 | 1 Sola-newsletters Project | 1 Sola-newsletters | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23.
CVE-2021-34633 | 1 Youtube Feeder Project | 1 Youtube Feeder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1.
CVE-2021-34632 | 1 Seo Backlinks Project | 1 Seo Backlinks | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.
CVE-2021-34631 | 1 Ipdgroup | 1 Newsplugin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18.
CVE-2021-34628 | 1 Weblizar | 1 Admin Custom Login | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.
CVE-2021-34620 | 1 Fluentforms | 1 Contact Form | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions.
CVE-2021-34619 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
CVE-2021-34547 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.
CVE-2021-34360 | 1 Qnap | 4 Nas Proxy Server, Qts, Quts Hero and 1 more | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later; QuTS hero h5.0.0: Proxy Server 1.4.3 (2022/01/18) and later; QuTScloud c4.5.6: Proxy Server 1.4.2 (2021/12/30) and later.
CVE-2021-34358 | 1 Qnap | 2 Nas, Qmailagent | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM | We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 (2021/08/25) and later.
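Two root causes recur in the entries above: a state-changing action reachable by a plain GET with no token at all (CVE-2021-35491), and a handler that simply never verifies the nonce or token it should demand (the WordPress entries, e.g. CVE-2021-34620 and CVE-2021-34636). The block below is an added example, not code from any product listed on this page, of a synchronizer-token check that rejects both cases and additionally binds the token to the caller's session, the standard pattern. The `lock_document` action, the origin, the in-memory session store and the request dicts are all constructed here for illustration and do not correspond to any vendor's implementation.

```python
"""
Added example (not from any product on this page): a minimal synchronizer-token
CSRF check. It rejects (1) a state change attempted via a safe method, (2) a
missing or forged token, and (3) a token issued for a different session.
Requests are plain dicts constructed in demo(); there is no real HTTP layer.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET_KEY = secrets.token_bytes(32)          # per-deployment secret (assumed)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}     # must never change server state
ALLOWED_ORIGIN = "https://dms.example.test"   # the application's own origin (assumed)
SESSION_DB = {}  # session_id -> username; constructed stand-in for a real session store


def issue_csrf_token(session_id: str) -> str:
    """Derive a token bound to one session. A token minted for session A never
    validates for session B, so an attacker's own token is useless against a victim."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(req: dict) -> bool:
    """Defence in depth: a cross-site form post carries the attacker's Origin
    (or Referer). A missing header is treated as a failure for state changes."""
    hdr = req["headers"].get("Origin") or req["headers"].get("Referer")
    if not hdr:
        return False
    parts = urlsplit(hdr)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def check_csrf(req: dict) -> tuple:
    """Return (allowed, reason) for a state-changing request."""
    if req["method"] in SAFE_METHODS:
        # A delete or lock wired to GET (as in the Wowza entry) is reachable from
        # an <img src=...> on an attacker page; the router must bind it to POST.
        return False, "state change must not be exposed on a safe method"
    session_id = req["cookies"].get("session")
    if session_id not in SESSION_DB:
        return False, "no valid session"
    submitted = req["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison; an absent token compares as "" and fails.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "missing or mismatched token"
    if not same_origin(req):
        return False, "cross-site origin"
    return True, "ok"


def lock_document(req: dict, doc_id: str) -> dict:
    """Hypothetical state-changing action guarded by the check."""
    allowed, reason = check_csrf(req)
    if not allowed:
        return {"status": 403, "reason": reason}
    return {"status": 200, "locked": doc_id, "by": SESSION_DB[req["cookies"]["session"]]}


def demo() -> dict:
    """Run constructed requests through the guard; returns name -> HTTP status."""
    SESSION_DB.clear()
    SESSION_DB["sess-victim"] = "alice"
    SESSION_DB["sess-attacker"] = "mallory"
    victim_token = issue_csrf_token("sess-victim")
    base = {"headers": {"Origin": ALLOWED_ORIGIN}, "cookies": {"session": "sess-victim"}}
    cases = {
        # legitimate form post from the application's own page
        "legit": {**base, "method": "POST", "form": {"csrf_token": victim_token}},
        # browser attaches the victim's cookie automatically, but no token is present
        "forged_no_token": {"method": "POST", "headers": {"Origin": "https://evil.test"},
                            "cookies": {"session": "sess-victim"}, "form": {}},
        # attacker minted a token for their own session and replays it
        "other_session_token": {**base, "method": "POST",
                                "form": {"csrf_token": issue_csrf_token("sess-attacker")}},
        # the action reached via GET, e.g. an <img> tag on an attacker page
        "get_with_cookie": {"method": "GET", "headers": {},
                            "cookies": {"session": "sess-victim"}, "form": {}},
    }
    return {name: lock_document(r, "doc-42")["status"] for name, r in cases.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:>20}: {status}")
```

Only the legitimate POST carrying the victim's own session-bound token succeeds; the three forged shapes, which map onto the failure modes in the table, are refused before the action runs. The origin check is deliberately last and additional: it catches a cross-site post even if the token were ever leaked, but it is not a substitute for the token.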