Total
7976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5904 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. | |||||
| CVE-2020-5900 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. | |||||
| CVE-2020-5790 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2020-5786 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2020-5783 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. | |||||
| CVE-2020-5776 | 1 Magmi Project | 1 Magmi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. | |||||
| CVE-2020-5770 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2020-5767 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2020-5745 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2020-5642 | 1 Onwebchat | 1 Live Chat - Live Support | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5641 | 1 Netgear | 2 Gs108ev3, Gs108ev3 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors. | |||||
| CVE-2020-5621 | 1 Netgear | 4 Gs716t, Gs716tv2 Firmware, Gs724t and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. | |||||
| CVE-2020-5615 | 2 Calendar01 Project, Calendar02 Project | 2 Calendar01, Calendar02 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5611 | 1 Wpsocialrocket | 1 Social Sharing | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5576 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5549 | 1 Plathome | 4 Easyblocks Ipv6, Easyblocks Ipv6 Enterprise, Easyblocks Ipv6 Enterprise Firmware and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5530 | 1 Realestateconnected | 1 Easy Property Listings | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5517 | 1 Blueonyx | 2 5209r, 5209r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. | |||||
| CVE-2020-5502 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships. | |||||
| CVE-2020-5501 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. | |||||