Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5556 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2020-02-26 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
| CVE-2020-9394 | 1 Supsystic | 1 Pricing Table By Supsystic | 2020-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. | |||||
| CVE-2013-2109 | 1 Undolog | 1 Wp Cleanfix | 2020-02-24 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress plugin wp-cleanfix has Remote Code Execution | |||||
| CVE-2019-19662 | 1 Maxum | 1 Rumpus Ftp | 2020-02-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. | |||||
| CVE-2019-19664 | 1 Maxum | 1 Rumpus Ftp | 2020-02-24 | 5.8 MEDIUM | 7.1 HIGH |
| A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. | |||||
| CVE-2020-9341 | 1 Auieo | 1 Candidats | 2020-02-24 | 6.8 MEDIUM | 8.8 HIGH |
| CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | |||||
| CVE-2020-3114 | 1 Cisco | 1 Data Center Network Manager | 2020-02-24 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. | |||||
| CVE-2019-12246 | 1 Silverstripe | 1 Silverstripe | 2020-02-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | |||||
| CVE-2019-12437 | 1 Silverstripe | 1 Silverstripe | 2020-02-20 | 6.8 MEDIUM | 8.8 HIGH |
| In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations, | |||||
| CVE-2020-5530 | 1 Realestateconnected | 1 Easy Property Listings | 2020-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-9266 | 1 Soplanning | 1 Soplanning | 2020-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. | |||||
| CVE-2020-9267 | 1 Soplanning | 1 Soplanning | 2020-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. | |||||
| CVE-2020-9270 | 1 Icehrm | 1 Icehrm | 2020-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. | |||||
| CVE-2020-9271 | 1 Icehrm | 1 Icehrm | 2020-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. | |||||
| CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2020-02-18 | 3.5 LOW | 5.5 MEDIUM |
| PrestaShop before 1.4.11 allows logout CSRF. | |||||
| CVE-2013-2108 | 1 Undolog | 1 Cleanfix | 2020-02-18 | 4.3 MEDIUM | 5.4 MEDIUM |
| WordPress WP Cleanfix Plugin 2.4.4 has CSRF | |||||
| CVE-2012-6721 | 1 Socialengine | 1 Socialengine | 2020-02-12 | 6.8 MEDIUM | 6.3 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | |||||
| CVE-2014-2225 | 1 Ui | 3 Airvision Controller, Mfi Controller, Unifi Controller | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. | |||||
| CVE-2019-10784 | 1 Phppgadmin Project | 1 Phppgadmin | 2020-02-12 | 9.3 HIGH | 9.6 CRITICAL |
| phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server. | |||||
| CVE-2013-3568 | 1 Cisco | 2 Linksys Wrt110, Linksys Wrt110 Firmware | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | |||||