Total: 5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2018-12-31 | 9.3 HIGH | 8.8 HIGH |
| BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | |||||
| CVE-2018-19621 | 1 Showdoc | 1 Showdoc | 2018-12-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. | |||||
| CVE-2018-14892 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2018-12-26 | 6.8 MEDIUM | 8.8 HIGH |
| Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | |||||
| CVE-2018-16832 | 1 Xunfeng Project | 1 Xunfeng | 2018-12-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. | |||||
| CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2018-12-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. | |||||
| CVE-2018-19545 | 1 Jeecms | 1 Jeecms | 2018-12-19 | 6.8 MEDIUM | 8.8 HIGH |
| JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. | |||||
| CVE-2018-19555 | 1 Tp4a | 1 Teleport | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. | |||||
| CVE-2018-18794 | 1 School Event Management System Project | 1 School Event Management System | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | |||||
| CVE-2018-19327 | 1 Jtbc | 1 Jtbc Php | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF. | |||||
| CVE-2014-3896 | 1 Seeds | 1 Acmailer | 2018-12-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization. | |||||
| CVE-2018-18797 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. | |||||
| CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | |||||
| CVE-2018-19332 | 1 S-cms | 1 S-cms | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. | |||||
| CVE-2018-19376 | 1 Greencms | 1 Greencms | 2018-12-18 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. | |||||
| CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. | |||||
| CVE-2018-18760 | 1 Saltos | 1 Rhinos | 2018-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| RhinOS 3.0 build 1190 allows CSRF. | |||||
| CVE-2018-19318 | 1 Srcms Project | 1 Srcms | 2018-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | |||||
| CVE-2018-19319 | 1 Srcms Project | 1 Srcms | 2018-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | |||||
| CVE-2017-17550 | 1 Zyxel | 2 Zywall Usg 100, Zywall Usg 100 Firmware | 2018-12-13 | 6.8 MEDIUM | 8.8 HIGH |
| ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. | |||||
| CVE-2018-13398 | 1 Atlassian | 2 Crucible, Fisheye | 2018-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. | |||||
