Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6320 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2020-01-22 | 5.8 MEDIUM | 8.1 HIGH |
| Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | |||||
| CVE-2019-6319 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2020-01-22 | 5.8 MEDIUM | 8.1 HIGH |
| HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | |||||
| CVE-2019-19854 | 1 Serpico Project | 1 Serpico | 2020-01-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges from User level to Administrator. | |||||
| CVE-2011-2934 | 1 Websitebaker | 1 Websitebaker | 2020-01-17 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions. | |||||
| CVE-2018-18246 | 1 Icinga | 1 Icinga Web 2 | 2020-01-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. | |||||
| CVE-2019-16752 | 3 Dash, Officialdapscoin, Pivx | 3 Dash Core, Decentralized Anonymous Payment System, Private Instant Verified Transactions | 2020-01-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0. | |||||
| CVE-2014-5516 | 1 Konakart | 1 Konakart | 2020-01-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request. | |||||
| CVE-2011-5250 | 1 Prophecyinternational | 1 Snare | 2020-01-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Snare for Linux before 1.7.0 has CSRF in the web interface. | |||||
| CVE-2014-3590 | 1 Redhat | 1 Satellite | 2020-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. | |||||
| CVE-2020-6167 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2020-01-10 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. | |||||
| CVE-2019-20077 | 1 Typesettercms | 1 Typesetter | 2020-01-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability. | |||||
| CVE-2019-16326 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2020-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product. | |||||
| CVE-2016-10766 | 1 Edx | 1 Edx-platform | 2020-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| edx-platform before 2016-06-06 allows CSRF. | |||||
| CVE-2015-5595 | 1 Zenphoto | 1 Zenphoto | 2020-01-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption). | |||||
| CVE-2014-3136 | 1 Dlink | 2 Dwr-113, Dwr-113 Firmware | 2020-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. | |||||
| CVE-2013-3935 | 1 Opsview | 2 Opsview, Opsview Core | 2020-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. | |||||
| CVE-2019-6027 | 1 Wpspellcheck | 1 Wpspellcheck | 2020-01-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2013-4665 | 1 Spbas | 1 Business Automation Software | 2020-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| SPBAS Business Automation Software 2012 has CSRF. | |||||
| CVE-2019-6030 | 1 Custom Body Class Project | 1 Custom Body Class | 2020-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-20071 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | |||||