Total
7595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6642 | 1 Emc | 1 Vipr Srm | 2025-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | |||||
| CVE-2014-9336 | 1 Itwitter Project | 1 Itwitter | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php. | |||||
| CVE-2015-4397 | 1 Node Template Project | 1 Node Template | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors. | |||||
| CVE-2014-2358 | 1 Fox-it | 1 Fox Datadiode | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. | |||||
| CVE-2014-4783 | 1 Ibm | 1 Initiate Master Data Service | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-0596 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. | |||||
| CVE-2014-9099 | 1 Whydowork Adsense Project | 1 Whydowork Adsense | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | |||||
| CVE-2014-5241 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 6.8 MEDIUM | N/A |
| The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set. | |||||
| CVE-2014-9337 | 1 Mikiurl Wordpress Eklentisi Project | 1 Mikiurl Wordpress Eklentisi | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in a kaydet action in the mikiurl.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9413 | 1 Ip Ban Project | 1 Ip Ban | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php. | |||||
| CVE-2014-4865 | 1 Cacheguard | 1 Cacheguardos | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-6373 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. | |||||
| CVE-2016-4820 | 1 Iodata | 2 Etx-r, Etx-r Firmware | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-5665 | 1 Lockon | 1 Ec-cube | 2025-04-12 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function. | |||||
| CVE-2014-9400 | 1 Wp Unique Article Header Image Project | 1 Wp Unique Article Header Image | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php. | |||||
| CVE-2015-4281 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | |||||
| CVE-2016-1201 | 1 Lockon | 1 Ec-cube | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2014-9396 | 1 Simpleflickr Project | 1 Simpleflickr | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. | |||||
| CVE-2013-3086 | 1 Belkin | 2 N900, N900 Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | |||||
| CVE-2013-2692 | 1 Openvpn | 1 Openvpn Access Server | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users. | |||||