Total
7347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15516 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | |||||
| CVE-2017-15734 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | |||||
| CVE-2017-15063 | 1 Intelliants | 1 Subrion | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | |||||
| CVE-2016-4884 | 1 Basercms | 1 Basercms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4885 | 1 Basercms | 1 Basercms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-14362 | 1 Microfocus | 1 Project And Portfolio Management | 2025-04-20 | 6.8 MEDIUM | 7.3 HIGH |
| Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | |||||
| CVE-2016-2539 | 1 Atutor | 1 Atutor | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | |||||
| CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | |||||
| CVE-2015-5170 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | |||||
| CVE-2016-4808 | 1 Web2py | 1 Web2py | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. | |||||
| CVE-2017-11648 | 1 Techroutes | 2 Tr 1803-3g, Tr 1803-3g Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering. | |||||
| CVE-2015-2142 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | |||||
| CVE-2017-5169 | 1 Hanwha-security | 1 Smart Security Manager | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2017-12881 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | |||||
| CVE-2017-17990 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | |||||
| CVE-2016-8941 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2017-1000085 | 1 Jenkins | 1 Subversion | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks. | |||||
| CVE-2017-8138 | 1 Huawei | 1 Hedex Lite | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services. | |||||
| CVE-2016-0355 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | |||||
| CVE-2017-7662 | 1 Apache | 1 Cxf Fediz | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. | |||||