Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9033 | 1 Trendmicro | 1 Serverprotect | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. | |||||
| CVE-2020-19047 | 1 Iwebshop | 1 Iwebshop | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'. | |||||
| CVE-2018-7720 | 1 Cobub | 1 Razor | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. | |||||
| CVE-2017-5156 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. | |||||
| CVE-2017-5528 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below). | |||||
| CVE-2020-12427 | 3 Apple, Microsoft, Westerndigital | 3 Macos, Windows, Wd Discovery | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. | |||||
| CVE-2021-39133 | 1 Pagerduty | 1 Rundeck | 2021-09-08 | 6.0 MEDIUM | 6.8 MEDIUM |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14. | |||||
| CVE-2021-27557 | 1 Easycorp | 1 Zentao | 2021-09-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | |||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | |||||
| CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | |||||
| CVE-2013-2699 | 1 Underconstruction Project | 1 Underconstruction | 2021-09-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. | |||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2021-09-02 | 4.0 MEDIUM | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | |||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2021-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | |||||
| CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | |||||
| CVE-2021-40173 | 1 Zohocorp | 1 Manageengine Cloud Security Plus | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | |||||
| CVE-2021-40172 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | |||||
| CVE-2021-3734 | 1 Yourls | 1 Yourls | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | |||||
| CVE-2021-23431 | 1 Joplinapp | 1 Joplin | 2021-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. | |||||
| CVE-2020-18917 | 1 Dedecms | 1 Dedecms | 2021-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | |||||
| CVE-2021-28070 | 1 Popojicms | 1 Popojicms | 2021-08-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. | |||||