Total
7410 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20468 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. | |||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | |||||
| CVE-2020-1977 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. | |||||
| CVE-2020-1103 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | |||||
| CVE-2020-19964 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | |||||
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | |||||
| CVE-2020-19889 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. | |||||
| CVE-2020-19886 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. | |||||
| CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. | |||||
| CVE-2020-19669 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | |||||
| CVE-2020-19639 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. | |||||
| CVE-2020-19280 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. | |||||
| CVE-2020-19268 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. | |||||
| CVE-2020-19264 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. | |||||
| CVE-2020-19263 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. | |||||
| CVE-2020-19199 | 1 Phpok | 1 Phpok | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19159 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. | |||||
| CVE-2020-19047 | 1 Iwebshop | 1 Iwebshop | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'. | |||||
| CVE-2020-18964 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. | |||||
| CVE-2020-18917 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | |||||