Total: 7410 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36633 | 1 Moodle-block Sitenews Project | 1 Moodle-block Sitenews | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879. | |||||
CVE-2020-36625 | 1 Destiny | 1 Chat | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-36623 | 1 Pengu Project | 1 Pengu | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475. | |||||
CVE-2020-36622 | 1 Bienlein Project | 1 Bienlein | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability. | |||||
CVE-2020-36534 | 1 Easyiicms | 1 Easyiicms | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2020-36505 | 1 Delete All Comments Easily Project | 1 Delete All Comments Easily | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The Delete All Comments Easily WordPress plugin through 1.3 lacks Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged-in admin delete all comments from the blog. | |||||
CVE-2020-36504 | 1 Wp-pro-quiz Project | 1 Wp-pro-quiz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The WP-Pro-Quiz WordPress plugin through 0.37 does not have a CSRF check in place when deleting a quiz, which could allow an attacker to make a logged-in admin delete an arbitrary quiz on the blog. | |||||
CVE-2020-36389 | 1 Civicrm | 1 Civicrm | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. | |||||
CVE-2020-36334 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | |||||
CVE-2020-36283 | 1 Hidglobal | 4 Omnikey 5127, Omnikey 5127 Firmware, Omnikey 5427 and 1 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. | |||||
CVE-2020-36247 | 1 Osc | 1 Open Ondemand | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | |||||
CVE-2020-36191 | 1 Jupyter | 1 Jupyterhub | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM |
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). | |||||
CVE-2020-36174 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | |||||
CVE-2020-36140 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely). | |||||
CVE-2020-35972 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html. | |||||
CVE-2020-35950 | 1 Xcloner | 1 Xcloner | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). | |||||
CVE-2020-35944 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. | |||||
CVE-2020-35943 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | |||||
CVE-2020-35942 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | |||||
CVE-2020-35778 | 1 Netgear | 4 Gs716t, Gs716t Firmware, Gs724t and 1 more | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. |