Vulnerabilities (CVE)

Filtered by CWE-352
Total 7687 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1459 1 Razorcms 1 Razorcms 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
CVE-2008-3743 1 Drupal 1 Drupal 2025-04-09 5.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.
CVE-2008-6449 1 Centurysys 9 Xr-1100, Xr-410, Xr-410-l2 and 6 more 2025-04-09 4.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors.
CVE-2009-0708 1 Semanticscuttle 1 Semanticscuttle 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page.
CVE-2008-3325 2 Debian, Moodle 2 Debian Linux, Moodle 2025-04-09 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
CVE-2008-6801 1 Vivvo 1 Vivvo 2025-04-09 4.4 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-6974 1 Dd-wrt 1 Dd-wrt 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.
CVE-2009-1434 1 Foswiki 1 Foswiki 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.
CVE-2007-6730 1 Zyxel 1 P-330w Router 2025-04-09 9.3 HIGH N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.
CVE-2009-4092 1 Simplog 1 Simplog 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords.
CVE-2008-3736 2 Spacetag, System Consultants 2 Lacoodast, La Cooda Wiz 2025-04-09 6.0 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.
CVE-2008-7204 1 Virtuemart 1 Virtuemart 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2008-4899 1 Planetluc 1 Rateme 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
CVE-2008-3080 1 Mywebland 1 Mybloggie 2025-04-09 5.1 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
CVE-2008-3868 1 Cce-interact 1 Interact 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.
CVE-2008-1260 1 Zyxel 1 P-2602hw-d1a 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1.
CVE-2009-0056 1 Cisco 2 Ironport Encryption Appliance, Ironport Postx 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.
CVE-2009-4077 1 Roundcube 1 Webmail 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
CVE-2007-5828 1 Django Project 1 Django 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module
CVE-2008-6048 1 Tangocms 1 Tangocms 2025-04-09 6.0 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators.