Total
7396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19289 | 1 Siemens | 1 Xhq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. | |||||
| CVE-2019-19109 | 1 Gvectors | 1 Wpforo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | |||||
| CVE-2019-19025 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-19013 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request. | |||||
| CVE-2019-18884 | 1 Fairsketch | 1 Rise - Ultimate Project Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | |||||
| CVE-2019-18677 | 3 Canonical, Fedoraproject, Squid-cache | 3 Ubuntu Linux, Fedora, Squid | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. | |||||
| CVE-2019-18651 | 1 3xlogic | 2 Infinias Access Control, Infinias Access Control Firmware | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session. | |||||
| CVE-2019-18650 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. | |||||
| CVE-2019-18414 | 1 Sourcecodester | 1 Restaurant Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page. | |||||
| CVE-2019-18411 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own. | |||||
| CVE-2019-18376 | 1 Symantec | 1 Management Center | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. | |||||
| CVE-2019-18346 | 1 Davical | 1 Davical | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user. | |||||
| CVE-2019-18280 | 1 Online Grading System Project | 1 Online Grading System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/controller.php?action=add URI. | |||||
| CVE-2019-18271 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site. | |||||
| CVE-2019-18220 | 1 Sitemagic | 1 Sitemagic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions. | |||||
| CVE-2019-18206 | 1 Zucchetti | 1 Infobusiness | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. | |||||
| CVE-2019-17676 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. | |||||
| CVE-2019-17675 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | |||||
| CVE-2019-17653 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | |||||
| CVE-2019-17642 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin. | |||||