Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15401 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could all ...
|
|||||
| CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.
|
|||||
| CVE-2018-15206 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
|
|||||
| CVE-2018-15203 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages.
|
|||||
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
|
An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products.
|
|||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.
|
|||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.
|
|||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
|
|||||
| CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
|
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
|
|||||
| CVE-2018-15186 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php.
|
|||||
| CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
|
|||||
| CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
|
|||||
| CVE-2018-14978 | 1 Q-cms | 1 Qcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.
|
|||||
| CVE-2018-14966 | 1 Emlsoft Project | 1 Emlsoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF.
|
|||||
| CVE-2018-14965 | 1 Emlsoft Project | 1 Emlsoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF.
|
|||||
| CVE-2018-14963 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.
|
|||||
| CVE-2018-14960 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp.
|
|||||
| CVE-2018-14959 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.
|
|||||
| CVE-2018-14958 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.
|
|||||
| CVE-2018-14930 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.
|
|||||
| CVE-2018-14926 | 1 Matera | 1 Banco | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
|
|||||
| CVE-2018-14910 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
|
|||||
| CVE-2018-14908 | 1 Samsung | 1 Syncthru Web Service | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
|
|||||
| CVE-2018-14892 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
|
|||||
| CVE-2018-14783 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely.
|
|||||
| CVE-2018-14769 | 1 Vivotek | 1 Camera | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
|
|||||
| CVE-2018-14711 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
|
|||||
| CVE-2018-14603 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
|
|||||
| CVE-2018-14583 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.
|
|||||
| CVE-2018-14582 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
|
|||||
| CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
|
|||||
| CVE-2018-14519 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
|
|||||
| CVE-2018-14421 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.
|
|||||
| CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
|
|||||
| CVE-2018-14331 | 1 Xiaocms | 1 Xiaocms X1 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.
|
|||||
| CVE-2018-14069 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
|
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
|
|||||
| CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
|
|||||
| CVE-2018-14057 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
|
|||||
| CVE-2018-14029 | 1 Creatiwity | 1 Witycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
|
|||||
| CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
|
|||||