Total
7939 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6659 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. | |||||
| CVE-2016-9455 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. | |||||
| CVE-2015-0276 | 1 Kallithea-scm | 1 Kallithea | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | |||||
| CVE-2017-1000224 | 1 Embedplus | 1 Youtube | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin | |||||
| CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | |||||
| CVE-2017-12881 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | |||||
| CVE-2017-15645 | 1 Webmin | 1 Webmin | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | |||||
| CVE-2016-6521 | 1 Gopivotal | 1 Grails | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. | |||||
| CVE-2015-5607 | 2 Fedoraproject, Ipython | 2 Fedora, Ipython | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery in the REST API in IPython 2 and 3. | |||||
| CVE-2017-11455 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | |||||
| CVE-2016-4891 | 1 Setucocms Project | 1 Setucocms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | |||||
| CVE-2017-6038 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2025-04-20 | 5.8 MEDIUM | 7.1 HIGH |
| A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request. | |||||
| CVE-2017-5874 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||||
| CVE-2017-2688 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. | |||||
| CVE-2017-13129 | 1 Zkteco | 1 Zktime Web | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | |||||
| CVE-2017-9413 | 1 Subsonic | 1 Subsonic | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks. | |||||
| CVE-2017-12703 | 1 Westermo | 8 Mrd-305-din, Mrd-305-din Firmware, Mrd-315-din and 5 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. | |||||
| CVE-2017-6914 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 5.8 MEDIUM | 7.1 HIGH |
| CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted. | |||||
| CVE-2016-2965 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | |||||
| CVE-2017-6756 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280. | |||||