Vulnerabilities (CVE)

Filtered by CWE-352
Total 8298 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3778 1 Commscope 1 Arris Sbg901 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.
CVE-2015-3366 1 Alfresco 1 Alfresco 2025-04-12 5.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.
CVE-2015-2916 1 Securifi 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-3946 1 Advantech 1 Webaccess 2025-04-12 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-1894 1 Ibm 1 Optim Workload Replay 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-7190 1 Openfiler 1 Openfiler 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
CVE-2013-2034 1 Cloudbees 1 Jenkins 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
CVE-2016-2878 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 6.0 MEDIUM 8.0 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2016-8504 1 Yandex 1 Yandex Browser 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
CVE-2015-4189 1 Cisco 1 Data Center Analytics Framework 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.
CVE-2015-4010 1 Everybit 1 Encrypted Contact Form 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.
CVE-2013-4963 1 Puppet 1 Puppet Enterprise 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.
CVE-2015-4530 1 Emc 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
CVE-2015-0218 1 Moodle 1 Moodle 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
CVE-2016-4506 1 Resourcedm 1 Intuitive 650 Tdb Controller 2025-04-12 6.0 MEDIUM 8.0 HIGH
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.
CVE-2015-5075 1 X2engine 1 X2crm 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
CVE-2015-7366 1 Revive-adserver 1 Revive Adserver 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
CVE-2016-0863 1 Tollgrade 1 Smartgrid Lighthouse Sensor Management System 2025-04-12 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-3015 1 Ibm 1 Sametime Proxy Server And Web Client 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2012-5695 1 Bulbsecurity 1 Smartphone Pentest Framework 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.