Total
7480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4089 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | |||||
| CVE-2017-7398 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | |||||
| CVE-2017-6411 | 1 Dlink | 2 Dsl-2730u, Dsl-2730u Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||||
| CVE-2016-8350 | 1 Moxa | 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more | 2025-04-20 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY). | |||||
| CVE-2017-17056 | 1 Zkteco | 1 Zktime Web | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software. | |||||
| CVE-2016-9975 | 1 Ibm | 2 Dashboard Application Services Hub, Jazz For Service Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | |||||
| CVE-2017-15735 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | |||||
| CVE-2017-15063 | 1 Intelliants | 1 Subrion | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | |||||
| CVE-2017-6914 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 5.8 MEDIUM | 7.1 HIGH |
| CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted. | |||||
| CVE-2016-8718 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. | |||||
| CVE-2017-7662 | 1 Apache | 1 Cxf Fediz | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. | |||||
| CVE-2017-15731 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | |||||
| CVE-2016-4876 | 1 Basercms | 1 Basercms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2017-17830 | 1 Doditsolutions | 1 Bus Booking Script | 2025-04-20 | 6.0 MEDIUM | 6.8 MEDIUM |
| Bus Booking Script has CSRF via admin/new_master.php. | |||||
| CVE-2017-17990 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | |||||
| CVE-2015-5182 | 1 Redhat | 1 Amq | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | |||||
| CVE-2017-17982 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | 6.0 MEDIUM | 6.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | |||||
| CVE-2017-1097 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. | |||||
| CVE-2017-5475 | 1 S9y | 1 Serendipity | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | |||||
| CVE-2017-15516 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | |||||