Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20851 | 1 Browser And Operating System Finder Project | 1 Browser And Operating System Finder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors.
|
|||||
| CVE-2021-20846 | 1 Delitestudio | 1 Push Notifications For Wordpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.
|
|||||
| CVE-2021-20845 | 1 Xml-sitemaps | 1 Unlimited Sitemap Generator | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page.
|
|||||
| CVE-2021-20842 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
|
|||||
| CVE-2021-20831 | 1 Og Tags Project | 1 Og Tags | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and unintended operation may be performed via unspecified vectors.
|
|||||
| CVE-2021-20795 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.
|
|||||
| CVE-2021-20786 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.
|
|||||
| CVE-2021-20783 | 1 Softbank | 2 Optical Bb Unit E-wmta, Optical Bb Unit E-wmta Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.
|
|||||
| CVE-2021-20782 | 1 Tipsandtricks-hq | 1 Software License Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2021-20781 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2021-20780 | 1 Wp-currency | 1 Wordpress Currency Switcher | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2021-20779 | 1 Codemiq | 1 Wordpress Email Template Designer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2021-20758 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
|
|||||
| CVE-2021-20687 | 1 Daifukuya | 1 Kagemai | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2021-20652 | 1 Name Directory Project | 1 Name Directory | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2021-20650 | 1 Elecom | 2 Ncc-ewf100rmwh2, Ncc-ewf100rmwh2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
|
|||||
| CVE-2021-20647 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
|
|||||
| CVE-2021-20646 | 1 Elecom | 2 Wrc-300febk-a, Wrc-300febk-a Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
|
|||||
| CVE-2021-20641 | 1 Logitech | 2 Lan-w300n\/rs, Lan-w300n\/rs Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
|
|||||
| CVE-2021-20636 | 1 Logitech | 2 Lan-w300n\/pr5b, Lan-w300n\/pr5b Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
|
|||||
| CVE-2021-20621 | 1 Aterm | 4 Wg2600hp, Wg2600hp2, Wg2600hp2 Firmware and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2021-20580 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.
|
|||||
| CVE-2021-20489 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.
|
|||||
| CVE-2021-20468 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.
|
|||||
| CVE-2021-20403 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
|
|||||
| CVE-2021-20165 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible).
|
|||||
| CVE-2021-20126 | 1 Draytek | 1 Vigorconnect | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
|
|||||
| CVE-2021-20120 | 1 Commscope | 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
|
|||||
| CVE-2021-20102 | 1 Machform | 1 Machform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
|
|||||
| CVE-2021-20096 | 1 Lucyparsonslabs | 1 Openoversight | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
|
|||||
| CVE-2021-20073 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
|
|||||
| CVE-2021-1227 | 1 Cisco | 46 Mds 9148s, Mds 9250i, Mds 9706 and 43 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the a ...
Show More |
|||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.
|
|||||
| CVE-2020-9394 | 1 Supsystic | 1 Pricing Table By Supsystic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
|
|||||
| CVE-2020-9388 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
|
|||||
| CVE-2020-9346 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
|
|||||
| CVE-2020-9341 | 1 Auieo | 1 Candidats | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
|
|||||
| CVE-2020-9271 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
|
|||||
| CVE-2020-9270 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
|
|||||
| CVE-2020-9267 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
|
|||||