Total
7668 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16338 | 1 Auracms | 1 Auracms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. | |||||
| CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | |||||
| CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | |||||
| CVE-2018-16331 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | |||||
| CVE-2018-16315 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | |||||
| CVE-2018-16314 | 1 Icmsdev | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | |||||
| CVE-2018-16218 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. | |||||
| CVE-2018-16136 | 1 Ipbrick | 1 Ipbrick Os | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim. | |||||
| CVE-2018-15901 | 1 E107 | 1 E107 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | |||||
| CVE-2018-15884 | 1 Ricoh | 2 Mp C4504ex, Mp C4504ex Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | |||||
| CVE-2018-15851 | 1 Flexocms Project | 1 Flexo Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. | |||||
| CVE-2018-15850 | 1 Redaxo | 1 Redaxo Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. | |||||
| CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | |||||
| CVE-2018-15848 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. | |||||
| CVE-2018-15846 | 1 Fledrcms Project | 1 Fledrcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. | |||||
| CVE-2018-15845 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | |||||
| CVE-2018-15844 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | |||||
| CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. | |||||
| CVE-2018-15682 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. | |||||
| CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | |||||