CWE:
 

Topic
Date
Author
Low
SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery
11.10.2019
Borja Merino
Med.
V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery
30.09.2019
LiquidWorm
Low
Palo Alto Networks Cross Site Request Forgery
22.09.2019
Pankaj Thakur
Med.
LayerBB < 1.1.4 Cross-Site Request Forgery
20.09.2019
0xB9
Low
Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
15.09.2019
Rodolfo Tavares
Low
phpMyAdmin 4.9.0.1 Cross Site Request Forgery
14.09.2019
Manuel Garcia Cardenas
Low
Enigma NMS 65.0.0 Cross-Site Request Forgery
12.09.2019
Mark Cross
Low
Django CRM 0.2.1 Cross Site Request Forgery
28.08.2019
Daniel Bishtawi
Low
openITCOCKPIT 3.6.1-2 Cross-Site Request Forgery
28.08.2019
Julian Rittweger
Med.
MediaWiki OAuth2 Client 0.3 Cross Site Request Forgery
20.08.2019
Justin Bull
Low
WordPress Add Mime Types Plugin 2.2.1 Cross-Site Request Forgery
20.08.2019
Princy Edward
Med.
Adive Framework 2.0.7 Cross Site Request Forgery
09.08.2019
Pablo Santiago
Low
Daily Expense Manager 1.0 Cross Site Request Forgery
08.08.2019
Mr Winst0n
Med.
College Notes Management System 1.0 Cross Site Request Forgery
04.08.2019
Mr Winst0n
Med.
Cisco Catalyst 3850 Series Device Manager Cross-Site Request Forgery
01.08.2019
Alperen Soydan
Med.
Cisco Wireless Controller 3.6.10E Cross-Site Request Forgery
29.07.2019
Mehmet Önder Key
Low
TP-Link TL-WR940N / TL-WR941ND Cross Site Request Forgery
09.07.2019
MustLive
Low
Huawei HG530 Cross Site Request Forgery
08.07.2019
Raki Ben Hamouda
Med.
CyberPanel 1.8.4 Cross Site Request Forgery
02.07.2019
Bilgi Birikim Sistemle...
Med.
FaceSentry Access Control System 6.4.8 Cross Site Request Forgery
02.07.2019
LiquidWorm
High
Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution
26.06.2019
XORcat
Low
phpMyAdmin 4.8 Cross Site Request Forgery
13.06.2019
Riemann
High
WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload
06.06.2019
KingSkrupellos
Low
Darktrace Enterprise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery
22.05.2019
Gerwout Van der Veen
Med.
Outsystems Platform CSRF
22.05.2019
Joshua Provoste
Low
WordPress Inkblot Themes 4.9.10 Cross Site Request Forgery
22.05.2019
KingSkrupellos
Low
WordPress StudioPress Showcase Pro Genesis Framework CSRF Vulnerability
22.05.2019
KingSkrupellos
Low
WordPress 4.6.1 Roberto Antonacci Cross Site Request Forgery
22.05.2019
KingSkrupellos
Low
WordPress Versett Cross Site Request Forgery
22.05.2019
KingSkrupellos
Low
WordPress TPG Business Services Cross Site Request Forgery
22.05.2019
KingSkrupellos
Low
WordPress Retreat Guru Cross Site Request Forgery
22.05.2019
KingSkrupellos
Med.
phpKF 1.10 XSS / CSRF / SQL Injection
20.05.2019
Ahmethan Gultekin
Med.
Legrand BTicino Driver Manager F454 1.0.51 Cross-Site Request Forgery / Cross-Site Scripting
16.05.2019
Gjoko 'LiquidWorm' Krs...
Med.
SOCA Access Control System 180612 Cross Site Request Forgery
14.05.2019
LiquidWorm
Med.
Intelbras IWR 3000N 1.5.0 Cross Site Request Forgery
01.05.2019
Social Engineering Neo
Low
Veeam ONE Reporter 9.5.0.3201 Cross Site Request Forgery
01.05.2019
Seyed Sadegh Khatami
Low
Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery
28.04.2019
Cisco Talos
Low
74CMS 5.0.1 Cross Site Request Forgery
24.04.2019
ax8
Low
Msvod 10 Cross Site Request Forgery
24.04.2019
ax8
Med.
WordPress Plugin Contact Form Maker 1.13.1 Cross-Site Request Forgery
14.04.2019
Panagiotis Vagenas
Low
Bolt CMS 3.6.6 Cross Site Request Forgery / Code Execution
09.04.2019
Felipe Gaspar
Low
JioFi 4G M2S 1.0.2 Cross Site Request Forgery
02.04.2019
Vikas Chaudhary
Med.
Joomla ARI Image Slider 2.2.0 CSRF Backdoor Access Vulnerability
27.03.2019
KingSkrupellos
Low
Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting
25.03.2019
Ozer Goker
Low
Intel Modular Server System 10.18 Cross Site Request Forgery
14.03.2019
LiquidWorm
Low
PilusCart 1.4.1 Cross Site Request Forgery
13.03.2019
Gionathan Reale
Low
OrientDB 3.0.17 GA Community Edition XSS / CSRF
08.03.2019
Ozer Goker
Low
zzzphp CMS 1.6.1 Cross Site Request Forgery
05.03.2019
Yang Chenglong
Low
Simple Online Hotel Reservation System Cross Site Request Forgery
28.02.2019
Mr Winst0n
High
Kanboard 1.2.7 Code Execution / Cross Site Request Forgery
22.02.2019
Will Boucher
Low
MyBB Trash Bin 1.1.3 Cross Site Request Forgery / Cross Site Scripting
18.02.2019
0xB9
Low
LayerBB 1.1.2 Cross Site Request Forgery
15.02.2019
0xB9
Low
Jiofi 4 (JMR 1140) WiFi Password Cross Site Request Forgery
14.02.2019
Ronnie T Baby
Low
Jiofi 4 (JMR 1140) Admin Token Disclosure Cross Site Request Forgery
14.02.2019
Ronnie T Baby
Med.
Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery
06.02.2019
Yusuf Furkan
Med.
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
06.02.2019
Tim Coen
Med.
BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery
04.02.2019
LiquidWorm
Med.
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery
04.02.2019
Stefan Petrushevski
High
PDF Signer 3.0 Template Injection / CSRF / Code Execution
29.01.2019
dd_
Low
Zyxel NBG-418N V2 Cross Site Request Forgery
25.01.2019
Ali Can Gonullu
Low
PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery
23.01.2019
Kumar Saurav
Low
Hucart CMS 5.7.4 Cross Site Request Forgery
15.01.2019
AllenChen
Low
Live Call Support 1.5 Cross Site Request Forgery
15.01.2019
Ihsan Sencan
Low
Heatmiser Wifi Thermostat 1.7 Cross Site Request Forgery
10.01.2019
sajjadbnd
Med.
Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
08.01.2019
Secator
Low
Huawei E5330 21.210.09.00.158 Cross Site Request Forgery
08.01.2019
Nathu Nandwani
Med.
Webgalamb Information Disclosure / XSS / CSRF / SQL Injection
08.01.2019
Daniel Jones
Low
phpMoAdmin 1.1.5 Cross Site Request Forgery / Cross Site Scripting
08.01.2019
Ozer Goker
Low
Apache CouchDB 2.3.0 Cross Site Request Forgery
04.01.2019
Ozer Goker
Med.
WSTMart 2.0.8 Cross Site Request Forgery
25.12.2018
linfeng
Low
Hotel Booking Script 3.4 Cross Site Request Forgery
20.12.2018
Sainadh Jamalpur
Med.
Integria IMS 5.0.83 Cross Site Request Forgery
20.12.2018
Javier Olmedo
Med.
Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal
18.12.2018
MustLive
Low
PHP Server Monitor 3.3.1 Cross Site Request Forgery
04.12.2018
Javier Olmedo
Low
Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery (Add Admin)
28.11.2018
LiquidWorm
Low
Ticketly 1.0 Cross Site Request Forgery
20.11.2018
Javier Olmedo
Med.
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
20.11.2018
LiquidWorm
Med.
Electricks eCommerce 1.0 Cross-Site Request Forgery (Change Admin Password)
14.11.2018
Nawaf Alkeraithe
High
Webiness Inventory 2.3 Cross Site Request Forgery / Shell Upload
14.11.2018
Ihsan Sencan
Low
ClipperCMS 1.3.3 Cross Site Request Forgery
14.11.2018
Ameer Pornillos
Low
Easyndexer 1.0 Cross Site Request Forgery
12.11.2018
Ihsan Sencan
Med.
OOP CMS BLOG 1.0 Cross Site Request Forgery
07.11.2018
Ihsan Sencan
Low
Card Payment 1.0 Cross Site Request Forgery
30.10.2018
Ihsan Sencan
Low
School Event Management System 1.0 Cross Site Request Forgery
30.10.2018
Ihsan Sencan
Low
School Attendance Monitoring System 1.0 Cross Site Request Forgery
30.10.2018
Ihsan Sencan
Med.
Aplaya Beach Resort Online Reservation System 1.0 CSRF / SQL Injection
30.10.2018
Ihsan Sencan
Med.
Traq 3.7.1 CSRF / XSS / SQL Injection
23.10.2018
Matt Landers
Low
PHP-SHOP Master 1.0 Cross Site Request Forgery
19.10.2018
Alireza Norkazemi
Med.
Academic Timetable Final Build 7.0b Cross Site Request Forgery
16.10.2018
Ihsan Sencan
Low
HaPe PKH 1.1 Cross Site Request Forgery
13.10.2018
Ihsan Sencan
Low
Cockpit CMS CSRF / XSS / Path Traversal
13.10.2018
Simon Uvarov
Med.
NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass
11.10.2018
Patrick Costa
Med.
matri4web v 9.04 CSRF Vulnerability
28.09.2018
indoushka
Low
Admidio 3.3.5 Cross-Site Request Forgery (Change Permissions)
04.09.2018
Nawaf Alkeraithe
Med.
phpMyAdmin 4.7.x Cross-Site Request Forgery
29.08.2018
VulnSpy
Low
Gleez CMS 1.2.0 Cross Site Request Forgery
28.08.2018
GunEggWang
Med.
RICOH MP C4504ex Printer Cross-Site Request Forgery
27.08.2018
Ismail Tasdelen
Med.
Vox TG790 ADSL Router Cross-Site Request Forgery (Add Admin)
24.08.2018
Cakes
Low
MyBB Moderator Log Notes Plugin 1.1 Cross-Site Request Forgery
20.08.2018
0xB9
Med.
Pimcore 5.2.3 SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
16.08.2018
SEC Consult


CVEMAP Search Results

CVE
Details
Description
2019-10-10
Medium
CVE-2019-17431

Vendor: Fastadmin
Software: Fastadmin
 

 
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.

 
2019-10-07
High
CVE-2015-9455

 

 
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.

 
2019-10-06
Medium
CVE-2019-17217

 

 
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.

 
2019-10-02
Medium
CVE-2019-15040

Vendor: Jetbrains
Software: Youtrack
 

 
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.

 
Low
CVE-2019-1915

Vendor: Cisco
Software: Unified comm...
 

 
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

 
2019-09-30
Medium
CVE-2019-16993

Vendor: Phpbb
Software: Phpbb
 

 
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.

 
2019-09-27
Low
CVE-2019-13376

Vendor: Phpbb
Software: Phpbb
 

 
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS.

 
2019-09-26
Low
CVE-2015-9440

Vendor: Monetize project
Software: Monetize
 

 
The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.

 
Low
CVE-2015-9441

Vendor: Bookmarkify project
Software: Bookmarkify
 

 
The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.

 
Low
CVE-2015-9442

Vendor: Avenirsoft
Software: Directdownload
 

 
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.

 

 


Copyright 2019, cxsecurity.com

 
