Total
7480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6068 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | |||||
| CVE-2017-8930 | 1 Simpleinvoices | 1 Simple Invoices | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. | |||||
| CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |||||
| CVE-2017-8100 | 1 Artistscope | 1 Copysafe Web Protection | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | |||||
| CVE-2017-10680 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | |||||
| CVE-2016-9092 | 1 Symantec | 2 Content Analysis, Mail Threat Defense | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | |||||
| CVE-2014-3709 | 1 Keycloak | 1 Keycloak | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | |||||
| CVE-2017-10677 | 1 Linksys | 2 Ea4500, Ea4500 Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. | |||||
| CVE-2015-5170 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | |||||
| CVE-2017-2273 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-8874 | 1 Acquia | 1 Mautic | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. | |||||
| CVE-2017-6086 | 1 Vimbadmin | 1 Vimbadmin | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. | |||||
| CVE-2015-2878 | 1 Watchguard | 1 Hawkeye G | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | |||||
| CVE-2017-8099 | 1 Browserweb Inc | 1 Whizz | 2025-04-20 | 5.8 MEDIUM | 8.1 HIGH |
| There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | |||||
| CVE-2017-1746 | 1 Ibm | 1 Jazz For Service Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. | |||||
| CVE-2017-7556 | 1 Hawt | 1 Hawtio | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user. | |||||
| CVE-2015-4593 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees. | |||||
| CVE-2015-5395 | 2 Alinto, Debian | 2 Sogo, Debian Linux | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | |||||
| CVE-2016-7507 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | |||||
| CVE-2017-6328 | 1 Symantec | 1 Message Gateway | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. | |||||