Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7433 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
|
|||||
| CVE-2019-7402 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.
|
|||||
| CVE-2019-7391 | 1 Zyxel | 4 Dsl-491hnu-b10b, Dsl-491hnu-b10b Firmware, Dsl-491hnu-b1b V2 and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
|
|||||
| CVE-2019-7357 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
|
|||||
| CVE-2019-7346 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.
|
|||||
| CVE-2019-7281 | 1 Primasystems | 1 Flexair | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
|
|||||
| CVE-2019-7273 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
|
|||||
| CVE-2019-7270 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF).
|
|||||
| CVE-2019-7262 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
|
|||||
| CVE-2019-6967 | 1 Airties | 2 Air 5341, Air 5341 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
|
|||||
| CVE-2019-6779 | 1 Chshcms | 1 Cscms | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
|
|||||
| CVE-2019-6710 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
|
|||||
| CVE-2019-6636 | 1 F5 | 2 Big-ip Advanced Firewall Manager, Big-ip Application Security Manager | 2024-11-21 | 8.5 HIGH | 8.4 HIGH |
|
On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.
|
|||||
| CVE-2019-6607 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
|
On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user.
|
|||||
| CVE-2019-6561 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
|
|||||
| CVE-2019-6510 | 1 Creditease-sec | 1 Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.
|
|||||
| CVE-2019-6509 | 1 Creditease-sec | 1 Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.
|
|||||
| CVE-2019-6508 | 1 Creditease-sec | 1 Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
|
|||||
| CVE-2019-6507 | 1 Creditease-sec | 1 Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
|
|||||
| CVE-2019-6325 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.
|
|||||
| CVE-2019-6320 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.
|
|||||
| CVE-2019-6319 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.
|
|||||
| CVE-2019-6294 | 1 Easycms | 1 Easycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
|
|||||
| CVE-2019-6282 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.
|
|||||
| CVE-2019-6249 | 1 Hucart | 1 Hucart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
|
|||||
| CVE-2019-6244 | 1 Usualtool | 1 Usualtoolcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.
|
|||||
| CVE-2019-6166 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
|
|||||
| CVE-2019-6030 | 1 Custom Body Class Project | 1 Custom Body Class | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-6027 | 1 Wpspellcheck | 1 Wpspellcheck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5993 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5992 | 1 Ultra-prod | 1 Wordpress Ultra Simple Paypal Shopping Cart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5986 | 2 Ntt-east, Ntt-west | 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware vers ...
|
|||||
| CVE-2019-5984 | 1 Waspthemes | 1 Custom Css Pro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5983 | 1 Fla-shop | 1 Html5 Maps | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5980 | 1 Meomundo | 1 Related Youtube Videos | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5979 | 1 Najeebmedia | 1 Personalized Woocommerce Cart Page | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5974 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5973 | 1 Sukimalab | 1 Online Lesson Booking | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5971 | 1 Sukimalab | 1 Attendance Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2019-5968 | 1 Weseek | 1 Growi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'.
|
|||||