Total
8561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5264 | 1 Rapid7 | 1 Nexpose | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. | |||||
| CVE-2017-13129 | 1 Zkteco | 1 Zktime Web | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | |||||
| CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | |||||
| CVE-2017-10961 | 1 Vanderbilt | 1 Redcap | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | |||||
| CVE-2016-4928 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | |||||
| CVE-2017-10681 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | |||||
| CVE-2017-1000244 | 1 Jenkins | 1 Favorite | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | |||||
| CVE-2017-9413 | 1 Subsonic | 1 Subsonic | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks. | |||||
| CVE-2017-11567 | 1 Cesanta | 1 Mongoose Embedded Web Server Library | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. | |||||
| CVE-2015-7715 | 1 Realtyna | 1 Realtyna Property Listing | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php. | |||||
| CVE-2015-2878 | 1 Watchguard | 1 Hawkeye G | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | |||||
| CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | |||||
| CVE-2016-10701 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | |||||
| CVE-2016-1161 | 1 Zohocorp | 1 Password Manager Pro | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | |||||
| CVE-2017-6066 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | |||||
| CVE-2016-9456 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | |||||
| CVE-2017-6328 | 1 Symantec | 1 Message Gateway | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. | |||||
| CVE-2015-8814 | 1 Umbraco | 1 Umbraco | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file. | |||||
| CVE-2014-3709 | 1 Keycloak | 1 Keycloak | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | |||||
| CVE-2017-17894 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Readymade Job Site Script has CSRF via the /job URI. | |||||