Total: 5731 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10568 | 1 Onthegosystems | 1 Sitepress-multilingual-cms | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings. | |||||
| CVE-2019-7391 | 1 Zyxel | 4 Dsl-491hnu-b10b, Dsl-491hnu-b10b Firmware, Dsl-491hnu-b1b V2 and 1 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | |||||
| CVE-2019-5814 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-3604 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | |||||
| CVE-2019-20178 | 1 Peel | 1 Peel Shopping | 2023-11-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. | |||||
| CVE-2019-20059 | 1 Mfscripts | 1 Yetishare | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732. | |||||
| CVE-2019-19995 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. | |||||
| CVE-2019-19737 | 1 Mfscripts | 1 Yetishare | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | |||||
| CVE-2019-18677 | 3 Canonical, Fedoraproject, Squid-cache | 3 Ubuntu Linux, Fedora, Squid | 2023-11-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. | |||||
| CVE-2019-17495 | 2 Oracle, Smartbear | 6 Banking Apis, Banking Digital Experience, Banking Platform and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method. | |||||
| CVE-2019-12922 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2023-11-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | |||||
| CVE-2019-12769 | 1 Solarwinds | 1 Serv-u Managed File Transfer | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | |||||
| CVE-2019-12616 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. | |||||
| CVE-2019-11657 | 1 Microfocus | 1 Arcsight Logger | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery vulnerability in Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform a CSRF attack. | |||||
| CVE-2019-0235 | 1 Apache | 1 Ofbiz | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. | |||||
| CVE-2019-0229 | 1 Apache | 1 Airflow | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. | |||||
| CVE-2018-8817 | 1 Wampserver | 1 Wampserver | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Wampserver before 3.1.3 has CSRF in add_vhost.php. | |||||
| CVE-2018-7677 | 1 Netiq | 1 Access Manager | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. | |||||
| CVE-2018-6504 | 1 Microfocus | 1 Arcsight Management Center | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF). | |||||
| CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Cross-Site Request Forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND, which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
