Total
7301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5394 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
| CVE-2017-4951 | 1 Vmware | 1 Airwatch | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices. | |||||
| CVE-2017-3965 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | |||||
| CVE-2017-3187 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application. | |||||
| CVE-2017-2613 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406). | |||||
| CVE-2017-20120 | 1 Trueconf | 1 Server | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20091 | 1 Wpjos | 1 Library File Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. | |||||
| CVE-2017-20090 | 1 Global Content Blocks Project | 1 Global Content Blocks | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. | |||||
| CVE-2017-20088 | 1 Bytesforall | 1 Atahualpa | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | |||||
| CVE-2017-20065 | 1 Supsystic | 1 Popup | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20062 | 1 Elefantcms | 1 Elefant Cms | 2024-11-21 | 6.8 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20053 | 1 Xyzscripts | 1 Contact Form Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20045 | 1 Vendavo | 1 Pricepoint | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20020 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-1769 | 1 Ibm | 1 Business Process Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783. | |||||
| CVE-2017-1672 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. | |||||
| CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | |||||
| CVE-2017-18861 | 1 Netgear | 1 Readynas Surveillance | 2024-11-21 | 7.9 HIGH | 8.0 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. | |||||
| CVE-2017-18852 | 1 Netgear | 8 R7300dst, R7300dst Firmware, R8300 and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14. | |||||
| CVE-2017-18848 | 1 Netgear | 8 Ac1450, Ac1450 Firmware, R6300 and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94. | |||||