Total
9116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18033 | 1 Atlassian | 1 Jira | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | |||||
| CVE-2017-17990 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | |||||
| CVE-2017-17982 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2026-06-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | |||||
| CVE-2017-17960 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | |||||
| CVE-2017-17939 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | |||||
| CVE-2017-17936 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Vanguard Marketplace Digital Products PHP has CSRF via /search. | |||||
| CVE-2017-17930 | 1 Ordermanagementscript | 1 Professional Service Script | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | |||||
| CVE-2017-17908 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | |||||
| CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |||||
| CVE-2017-17903 | 1 Fortunescripts | 1 Lynda Clone | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | |||||
| CVE-2017-17894 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Readymade Job Site Script has CSRF via the /job URI. | |||||
| CVE-2017-17891 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Readymade Video Sharing Script has CSRF via user-profile-edit.php. | |||||
| CVE-2017-17835 | 1 Apache | 1 Airflow | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. | |||||
| CVE-2017-17830 | 1 Doditsolutions | 1 Bus Booking Script | 2026-06-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| Bus Booking Script has CSRF via admin/new_master.php. | |||||
| CVE-2017-17827 | 1 Piwigo | 1 Piwigo | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. | |||||
| CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| admin/configuration.php in Piwigo 2.9.2 has CSRF. | |||||
| CVE-2017-17552 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. | |||||
| CVE-2017-17550 | 1 Zyxel | 2 Zywall Usg 100, Zywall Usg 100 Firmware | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. | |||||
| CVE-2017-17056 | 1 Zkteco | 1 Zktime Web | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software. | |||||
| CVE-2017-16886 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal. | |||||
