Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7595 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20974 1 Joomsky 1 Js Job Manager 2024-11-21 6.8 MEDIUM 8.8 HIGH
The js-jobs plugin before 1.0.7 for WordPress has CSRF.
CVE-2018-20972 1 Codeermeneer 1 Companion Auto Update 2024-11-21 6.8 MEDIUM 8.8 HIGH
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.
CVE-2018-20971 1 Churchadminplugin 1 Church Admin 2024-11-21 6.8 MEDIUM 8.8 HIGH
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
CVE-2018-20968 1 Smackcoders 1 Ultimate Exporter 2024-11-21 6.8 MEDIUM 8.8 HIGH
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
CVE-2018-20967 1 Smackcoders 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv 2024-11-21 6.8 MEDIUM 8.8 HIGH
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
CVE-2018-20964 1 Codepeople 1 Contact Form Email 2024-11-21 6.8 MEDIUM 8.8 HIGH
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
CVE-2018-20872 1 I-lan 1 Draytekl Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.
CVE-2018-20848 1 Peel 1 Peel Shopping 2024-11-21 6.8 MEDIUM 8.8 HIGH
Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
CVE-2018-20816 1 Salesagility 1 Suitecrm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
CVE-2018-20780 1 Traq 1 Traq 2024-11-21 6.8 MEDIUM 8.8 HIGH
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
CVE-2018-20728 1 Nedi 1 Nedi 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.
CVE-2018-20648 1 Car Rental Script Project 1 Car Rental Script 2024-11-21 6.8 MEDIUM 8.8 HIGH
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
CVE-2018-20644 1 Basic B2b Script Project 1 Basic B2b Script 2024-11-21 6.8 MEDIUM 8.8 HIGH
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
CVE-2018-20641 1 Entrepreneur Job Portal Script Project 1 Entrepreneur Job Portal Script 2024-11-21 6.8 MEDIUM 8.8 HIGH
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
CVE-2018-20633 1 Advance B2b Script Project 1 Advance B2b Script 2024-11-21 6.8 MEDIUM 8.8 HIGH
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
CVE-2018-20613 1 Temmoku Project 1 Temmoku 2024-11-21 6.8 MEDIUM 8.8 HIGH
TEMMOKU T1.09 Beta allows admin/user/add CSRF.
CVE-2018-20612 1 Asthis 1 Universal Website Asthis 2024-11-21 6.8 MEDIUM 8.8 HIGH
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.
CVE-2018-20603 1 Lfdycms 1 Lei Feng Tv Cms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.
CVE-2018-20598 1 Ucms Project 1 Ucms 2024-11-21 6.8 MEDIUM 8.8 HIGH
UCMS 1.4.7 has ?do=user_addpost CSRF.
CVE-2018-20595 1 Hsweb 1 Hsweb 2024-11-21 6.8 MEDIUM 8.8 HIGH
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.