Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7198 | 1 Openmicroscopy | 1 Omero | 2019-04-01 | 6.8 MEDIUM | 8.8 HIGH |
| OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. | |||||
| CVE-2019-10644 | 1 Hyphp | 1 Hybbs | 2019-04-01 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. | |||||
| CVE-2019-9604 | 1 Online Lottery Php Readymade Script Project | 1 Online Lottery Php Readymade Script | 2019-04-01 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | |||||
| CVE-2019-9787 | 1 Wordpress | 1 Wordpress | 2019-03-31 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php. | |||||
| CVE-2019-10237 | 1 S-cms | 1 S-cms | 2019-03-28 | 6.8 MEDIUM | 8.8 HIGH |
| S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. | |||||
| CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2019-03-26 | 6.8 MEDIUM | 8.8 HIGH |
| Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. | |||||
| CVE-2018-20641 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-25 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | |||||
| CVE-2018-20644 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2019-03-25 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | |||||
| CVE-2019-7433 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2019-03-22 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | |||||
| CVE-2018-20648 | 1 Car Rental Script Project | 1 Car Rental Script | 2019-03-22 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | |||||
| CVE-2018-17996 | 1 Layerbb | 1 Layerbb | 2019-03-22 | 5.8 MEDIUM | 6.5 MEDIUM |
| LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/. | |||||
| CVE-2019-6967 | 1 Airties | 2 Air 5341, Air 5341 Firmware | 2019-03-22 | 6.8 MEDIUM | 8.8 HIGH |
| AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. | |||||
| CVE-2018-20633 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2019-03-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | |||||
| CVE-2017-6819 | 1 Wordpress | 1 Wordpress | 2019-03-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This. | |||||
| CVE-2018-20231 | 1 Simbahosting | 1 Two-factor-authentication | 2019-03-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | |||||
| CVE-2017-9064 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 6.8 MEDIUM | 8.8 HIGH |
| In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | |||||
| CVE-2019-5920 | 1 Ncrafts | 1 Formcraft | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. | |||||
| CVE-2017-15730 | 1 Phpmyfaq | 1 Phpmyfaq | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | |||||
| CVE-2019-9769 | 1 Kartatopia | 1 Piluscart | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator. | |||||
| CVE-2017-6081 | 1 Zammad | 1 Zammad | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie. | |||||