Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3187 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user o ...
Show More |
|||||
| CVE-2017-2613 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
|
|||||
| CVE-2017-20120 | 1 Trueconf | 1 Server | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20091 | 1 Wpjos | 1 Library File Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.
|
|||||
| CVE-2017-20090 | 1 Global Content Blocks Project | 1 Global Content Blocks | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.
|
|||||
| CVE-2017-20088 | 1 Bytesforall | 1 Atahualpa | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
|
|||||
| CVE-2017-20065 | 1 Supsystic | 1 Popup | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20062 | 1 Elefantcms | 1 Elefant Cms | 2024-11-21 | 6.8 MEDIUM | 5.0 MEDIUM |
|
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20053 | 1 Xyzscripts | 1 Contact Form Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2017-20045 | 1 Vendavo | 1 Pricepoint | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
|
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-20020 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-1769 | 1 Ibm | 1 Business Process Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
|
|||||
| CVE-2017-1672 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
|
|||||
| CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
|
|||||
| CVE-2017-18861 | 1 Netgear | 1 Readynas Surveillance | 2024-11-21 | 7.9 HIGH | 8.0 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
|
|||||
| CVE-2017-18852 | 1 Netgear | 8 R7300dst, R7300dst Firmware, R8300 and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.
|
|||||
| CVE-2017-18848 | 1 Netgear | 8 Ac1450, Ac1450 Firmware, R6300 and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.
|
|||||
| CVE-2017-18842 | 1 Netgear | 10 D2200d, D2200d Firmware, D2200dw-1frnas and 7 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.
|
|||||
| CVE-2017-18791 | 1 Netgear | 26 D7000, D7000 Firmware, Jnr1010 and 23 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.
|
|||||
| CVE-2017-18782 | 1 Netgear | 36 D6200, D6200 Firmware, D7000 and 33 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1. ...
Show More |
|||||
| CVE-2017-18781 | 1 Netgear | 36 D6200, D6200 Firmware, D7000 and 33 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1. ...
Show More |
|||||
| CVE-2017-18775 | 1 Netgear | 12 R6100, R6100 Firmware, R7500 and 9 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.
|
|||||
| CVE-2017-18768 | 1 Netgear | 12 Ex6100, Ex6100 Firmware, Ex6150 and 9 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.
|
|||||
| CVE-2017-18755 | 1 Netgear | 30 Dgn2200, Dgn2200 Firmware, Dgnd2200b and 27 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.
|
|||||
| CVE-2017-18749 | 1 Netgear | 32 Jnr1010, Jnr1010 Firmware, Jr6150 and 29 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR202 ...
Show More |
|||||
| CVE-2017-18742 | 1 Netgear | 20 Jr6150, Jr6150 Firmware, R6050 and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.
|
|||||
| CVE-2017-18708 | 1 Netgear | 4 R8300, R8300 Firmware, R8500 and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.
|
|||||
| CVE-2017-18703 | 1 Netgear | 56 D1500, D1500 Firmware, D500 and 53 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 be ...
Show More |
|||||
| CVE-2017-18607 | 1 Theme-fusion | 1 Avada | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The avada theme before 5.1.5 for WordPress has CSRF.
|
|||||
| CVE-2017-18569 | 1 Mythemeshop | 1 My Wp Translate | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
|
|||||
| CVE-2017-18547 | 1 Neliosoftware | 1 Nelio Ab Testing | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
|
|||||
| CVE-2017-18546 | 1 Jayj Quicktag Project | 1 Jayj Quicktag | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
|
|||||
| CVE-2017-18544 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
|
|||||
| CVE-2017-18523 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
|
|||||
| CVE-2017-18521 | 1 Wp-kama | 1 Democracy Poll | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
|
|||||
| CVE-2017-18513 | 1 Expresstech | 1 Responsive Menu | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
|
|||||
| CVE-2017-18512 | 1 Supsystic | 1 Newsletter By Supsystic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
|
|||||
| CVE-2017-18511 | 1 Wpmudev | 1 Custom Sidebars | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
|
|||||
| CVE-2017-18510 | 1 Wpmudev | 1 Custom Sidebars | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
|
|||||
| CVE-2017-18504 | 1 Wpdeveloper | 1 Twitter Cards Meta | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
|
|||||