Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-16449 | 1 Onethink | 1 Onethink | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. |
| CVE-2018-16448 | 1 Chshcms | 1 Cscms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. |
| CVE-2018-16447 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. |
| CVE-2018-16431 | 1 Yfcmf | 1 Yfcmf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. |
| CVE-2018-16416 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. |
| CVE-2018-16387 | 1 Elefantcms | 1 Elefantcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. |
| CVE-2018-16380 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. |
| CVE-2018-16366 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. |
| CVE-2018-16365 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. |
| CVE-2018-16345 | 1 Easycms | 1 Easycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. |
| CVE-2018-16339 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. |
| CVE-2018-16338 | 1 Auracms | 1 Auracms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. |
| CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. |
| CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
| CVE-2018-16331 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. |
| CVE-2018-16315 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. |
| CVE-2018-16314 | 1 Icmsdev | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. |
| CVE-2018-16218 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A CSRF (Cross Site Request Forgery) in the web interface of the Yealink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. |
| CVE-2018-16136 | 1 Ipbrick | 1 Ipbrick Os | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim. |
| CVE-2018-15901 | 1 E107 | 1 E107 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. |
| CVE-2018-15884 | 1 Ricoh | 2 Mp C4504ex, Mp C4504ex Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. |
| CVE-2018-15851 | 1 Flexocms Project | 1 Flexo Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. |
| CVE-2018-15850 | 1 Redaxo | 1 Redaxo Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. |
| CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. |
| CVE-2018-15848 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. |
| CVE-2018-15846 | 1 Fledrcms Project | 1 Fledrcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. |
| CVE-2018-15845 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. |
| CVE-2018-15844 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. |
| CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. |
| CVE-2018-15682 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. |
| CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. |
| CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH | A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. |
| CVE-2018-15569 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | my little forum 2.4.12 allows CSRF for deletion of users. |
| CVE-2018-15568 | 1 Tp5cms Project | 1 Tp5cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. |
| CVE-2018-15565 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. |
| CVE-2018-15564 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. |
| CVE-2018-15539 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. |
| CVE-2018-15445 | 1 Cisco | 1 Energy Management Suite Software | 2024-11-21 | 6.0 MEDIUM | 6.3 MEDIUM | A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A succe ... |
| CVE-2018-15438 | 1 Cisco | 1 Prime Collaboration Assurance | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful explo ... |
| CVE-2018-15402 | 1 Cisco | 1 Enterprise Network Virtualization Software | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM | A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of ... |