Total
7595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1003008 | 1 Jenkins | 1 Warnings Next Generation | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | |||||
| CVE-2019-1003007 | 1 Jenkins | 1 Warnings | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | |||||
| CVE-2019-1000022 | 1 Taoensso | 1 Sente | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later. | |||||
| CVE-2019-1000003 | 1 Mapsvg | 1 Mapsvg Lite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later. | |||||
| CVE-2019-0398 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. | |||||
| CVE-2019-0267 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | |||||
| CVE-2019-0235 | 1 Apache | 1 Ofbiz | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. | |||||
| CVE-2019-0229 | 1 Apache | 1 Airflow | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. | |||||
| CVE-2018-9927 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. | |||||
| CVE-2018-9926 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. | |||||
| CVE-2018-9923 | 1 Icmsdev | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. | |||||
| CVE-2018-9856 | 1 Kotti Project | 1 Kotti | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. | |||||
| CVE-2018-9281 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. | |||||
| CVE-2018-9134 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters. | |||||
| CVE-2018-9108 | 1 Quickappscms | 1 Quickapps Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. | |||||
| CVE-2018-9092 | 1 1234n | 1 Minicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. | |||||
| CVE-2018-8979 | 1 Open-audit | 1 Open-audit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. | |||||
| CVE-2018-8972 | 1 Creditwestbank | 1 Cwcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. | |||||
| CVE-2018-8925 | 1 Synology | 1 Photo Station | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | |||||
| CVE-2018-8908 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. | |||||