Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0276 | 1 Kallithea-scm | 1 Kallithea | 2020-05-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | |||||
| CVE-2020-13458 | 1 Verbb | 1 Image Resizer | 2020-05-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action. | |||||
| CVE-2020-13412 | 1 Aviatrix | 1 Controller | 2020-05-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. | |||||
| CVE-2020-13416 | 1 Aviatrix | 1 Controller | 2020-05-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. | |||||
| CVE-2020-4286 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2020-05-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. | |||||
| CVE-2020-12257 | 1 Rconfig | 1 Rconfig | 2020-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user). | |||||
| CVE-2019-20390 | 1 Intelliants | 1 Subrion | 2020-05-18 | 5.8 MEDIUM | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. | |||||
| CVE-2020-5576 | 1 Sixapart | 1 Movable Type | 2020-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-18703 | 1 Netgear | 56 D1500, D1500 Firmware, D500 and 53 more | 2020-05-11 | 6.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. | |||||
| CVE-2019-19517 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2020-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. | |||||
| CVE-2020-7983 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2020-05-07 | 5.8 MEDIUM | 8.1 HIGH |
| A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. | |||||
| CVE-2020-8829 | 1 Intelbras | 2 Cip 92200, Cip 92200 Firmware | 2020-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. | |||||
| CVE-2018-21102 | 1 Netgear | 1 Readynas Os Firmware | 2020-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. | |||||
| CVE-2020-5335 | 1 Rsa | 1 Archer | 2020-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user. | |||||
| CVE-2020-12462 | 1 Ninjaforms | 1 Ninja Forms | 2020-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | |||||
| CVE-2017-18861 | 1 Netgear | 1 Readynas Surveillance | 2020-05-05 | 7.9 HIGH | 8.0 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. | |||||
| CVE-2016-11055 | 1 Netgear | 26 Cm400, Cm400 Firmware, Cm600 and 23 more | 2020-05-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11. | |||||
| CVE-2017-18791 | 1 Netgear | 26 D7000, D7000 Firmware, Jnr1010 and 23 more | 2020-05-04 | 6.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50. | |||||
| CVE-2018-21096 | 1 Netgear | 22 Wac120, Wac120 Firmware, Wac505 and 19 more | 2020-05-04 | 4.9 MEDIUM | 7.4 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. | |||||
| CVE-2019-4750 | 1 Ibm | 1 Cloud App Management | 2020-05-01 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 173310. | |||||