Total
7527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | |||||
| CVE-2018-11127 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | |||||
| CVE-2018-11126 | 1 Doorgets | 1 Doorgets | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | |||||
| CVE-2018-11096 | 1 Horse Market Sell \& Rent Portal Project | 1 Horse Market Sell \& Rent Portal | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely. | |||||
| CVE-2018-11092 | 1 Admin Notes Project | 1 Admin Notes | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action. | |||||
| CVE-2018-11018 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. | |||||
| CVE-2018-11004 | 1 Sdcms | 1 Sdcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add. | |||||
| CVE-2018-11003 | 1 Yxcms | 1 Yxcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. | |||||
| CVE-2018-10986 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| OX Guard 2.8.0 has CSRF. | |||||
| CVE-2018-10957 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. | |||||
| CVE-2018-10899 | 2 Jolokia, Redhat | 2 Jolokia, Openstack | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | |||||
| CVE-2018-10895 | 1 Qutebrowser | 1 Qutebrowser | 2024-11-21 | 6.8 MEDIUM | 9.3 CRITICAL |
| qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution. | |||||
| CVE-2018-10884 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie. | |||||
| CVE-2018-10806 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. | |||||
| CVE-2018-10803 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. | |||||
| CVE-2018-10758 | 1 Datenstrom | 1 Yellow | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | |||||
| CVE-2018-10696 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs. | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||
| CVE-2018-10503 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser. | |||||
| CVE-2018-10295 | 1 Chemcms Project | 1 Chemcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. | |||||