Total
7410 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23836 | 1 Oswapp | 1 Warehouse Inventory System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site. | |||||
| CVE-2020-23830 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. | |||||
| CVE-2020-23824 | 1 Argosoft | 1 Mail Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | |||||
| CVE-2020-23686 | 1 Ayacms Project | 1 Ayacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | |||||
| CVE-2020-23631 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. | |||||
| CVE-2020-23595 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | |||||
| CVE-2020-23522 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | |||||
| CVE-2020-23451 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. | |||||
| CVE-2020-23426 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | |||||
| CVE-2020-23376 | 1 5none | 1 Nonecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. | |||||
| CVE-2020-23342 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | |||||
| CVE-2020-23264 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. | |||||
| CVE-2020-23127 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | |||||
| CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | |||||
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | |||||
| CVE-2020-22273 | 1 Creativeitem | 1 Neoflex Video Subscription System | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings) | |||||
| CVE-2020-22000 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 8.5 HIGH | 8.0 HIGH |
| HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function. | |||||
| CVE-2020-21989 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | |||||
| CVE-2020-21884 | 1 Indionetworks | 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. | |||||
| CVE-2020-21881 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add. | |||||