Total
7613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21321 | 1 Emlog | 1 Emlog | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. | |||||
| CVE-2020-21236 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | |||||
| CVE-2020-21141 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | |||||
| CVE-2020-21139 | 1 Ec Cloud E-commerce System Project | 1 Ec Cloud E-commerce System | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. | |||||
| CVE-2020-21126 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. | |||||
| CVE-2020-21081 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. | |||||
| CVE-2020-20989 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. | |||||
| CVE-2020-20971 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. | |||||
| CVE-2020-20945 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. | |||||
| CVE-2020-20943 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. | |||||
| CVE-2020-20693 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | |||||
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | |||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | |||||
| CVE-2020-20595 | 1 Opms Project | 1 Opms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. | |||||
| CVE-2020-20593 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. | |||||
| CVE-2020-20586 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM |
| A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. | |||||
| CVE-2020-20514 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | |||||
| CVE-2020-20468 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. | |||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | |||||
| CVE-2020-1977 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. | |||||