Total
7746 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15084 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | |||||
CVE-2017-3794 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. | |||||
CVE-2017-14683 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | |||||
CVE-2017-14956 | 1 Alienvault | 1 Unified Security Management | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks. | |||||
CVE-2016-4808 | 1 Web2py | 1 Web2py | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Web2py versions 2.14.5 and below were affected by a CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, i.e., an attacker can trick a victim into disabling the installed application just by sending a URL to the victim. | |||||
CVE-2017-8100 | 1 Artistscope | 1 Copysafe Web Protection | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | |||||
CVE-2017-17960 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | |||||
CVE-2017-7851 | 2 D-link, Dlink | 2 Dcs-936l, Dcs-936l | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | |||||
CVE-2016-4504 | 1 Meteocontrol | 1 Weblog | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. | |||||
CVE-2017-5891 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | |||||
CVE-2016-6033 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. | |||||
CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |||||
CVE-2017-6659 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. | |||||
CVE-2016-9455 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. | |||||
CVE-2015-0276 | 1 Kallithea-scm | 1 Kallithea | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | |||||
CVE-2017-1000224 | 1 Embedplus | 1 Youtube | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
CSRF in YouTube (WordPress plugin) could allow an unauthenticated attacker to change any setting within the plugin. | |||||
CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | |||||
CVE-2017-12881 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | |||||
CVE-2017-15645 | 1 Webmin | 1 Webmin | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands. | |||||
CVE-2016-6521 | 1 Gopivotal | 1 Grails | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. |