Total
7976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18157 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | |||||
| CVE-2020-18151 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | |||||
| CVE-2020-18129 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | |||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | |||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | |||||
| CVE-2020-17901 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | |||||
| CVE-2020-16610 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. | |||||
| CVE-2020-16256 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The API on Winston 1.5.4 devices is vulnerable to CSRF. | |||||
| CVE-2020-16253 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| The PgHero gem through 2.6.0 for Ruby allows CSRF. | |||||
| CVE-2020-16252 | 1 Field Test Project | 1 Field Test | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | |||||
| CVE-2020-16208 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). | |||||
| CVE-2020-15882 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. | |||||
| CVE-2020-15789 | 1 Siemens | 1 Polarion Subversion Webclient | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. | |||||
| CVE-2020-15711 | 1 Misp | 1 Misp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. | |||||
| CVE-2020-15700 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. | |||||
| CVE-2020-15695 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. | |||||
| CVE-2020-15660 | 1 Mozilla | 1 Geckodriver | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution. | |||||
| CVE-2020-15600 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. | |||||
| CVE-2020-15516 | 1 Mm Forum Project | 1 Mm Forum | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. | |||||
| CVE-2020-15400 | 1 Cakefoundation | 1 Cakephp | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. | |||||