Total
7388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14481 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover. | |||||
| CVE-2019-14346 | 1 Schben | 1 Adive | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | |||||
| CVE-2019-14328 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. | |||||
| CVE-2019-14327 | 1 Custom Simple Rss Project | 1 Custom Simple Rss | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. | |||||
| CVE-2019-14304 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Ricoh SP C250DN 1.06 devices allow CSRF. | |||||
| CVE-2019-14240 | 1 Wcms | 1 Wcms | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI. | |||||
| CVE-2019-14228 | 1 Angry-frog | 1 Xavier | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation. | |||||
| CVE-2019-14216 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. | |||||
| CVE-2019-13974 | 1 Layerbb | 1 Layerbb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | |||||
| CVE-2019-13961 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | |||||
| CVE-2019-13949 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. | |||||
| CVE-2019-13930 | 1 Siemens | 1 Xhq | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-13920 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-13611 | 1 Python-engineio Project | 1 Python-engineio | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. | |||||
| CVE-2019-13594 | 1 Mirumee | 1 Saleor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | |||||
| CVE-2019-13563 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | |||||
| CVE-2019-13529 | 1 Sma | 2 Sunny Webbox, Sunny Webbox Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. | |||||
| CVE-2019-13516 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. | |||||
| CVE-2019-13497 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | |||||
| CVE-2019-13477 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | |||||