CWE:

Risk | Title | Date | Author
Med. | FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Add Admin Cross-Site Request Forgery (CSRF) | 29.09.2021 | LiquidWorm
Low | ECOA Building Automation System multiple Cross-Site Request Forgery (CSRF) | 24.09.2021 | Neurogenesia
High | Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution | 23.09.2021 | V1n1v131r4
Low | WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery | 23.09.2021 | 0xB9
Low | ECOA Building Automation System Cross Site Request Forgery | 13.09.2021 | Neurogenesia
Low | Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials | 20.08.2021 | T. Weber
Low | Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery | 01.08.2021 | LiquidWorm
High | CloverDX 5.9.0 Code Execution / Cross Site Request Forgery | 30.07.2021 | niebardzo
Low | Webmin 1.973 Cross Site Request Forgery | 14.07.2021 | Mesh3l_911
Low | b2evolution 7.2.2 Cross Site Request Forgery | 02.07.2021 | Alperen Ergel
Low | ICE Hrm 29.0.0.OS Account Takeover Cross-Site Request Forgery (CSRF) | 19.06.2021 | Piyush Patil & Rafal L...
High | WordPress Plugin Database Backups 1.2.2.6 Database Backup Download CSRF | 19.06.2021 | 0xB9
Med. | Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication | 01.06.2021 | T. Weber
Low | Ubee EVW327 Cross Site Request Forgery | 01.06.2021 | lated
Low | Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery (Add Admin) | 19.05.2021 | Reza Afsahi
Low | NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery | 18.05.2021 | Harry Sintonen
Med. | Sipwise C5 NGCP CSC Click2Dial Cross-Site Request Forgery | 23.04.2021 | LiquidWorm
High | GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution | 18.04.2021 | Bobby Cooke
Med. | GetSimple CMS My SMTP Contact Plugin 1.1.1 CSRF to RCE | 16.04.2021 | Bobby Cooke
Low | DMA Radius Manager 4.4.0 Cross Site Request Forgery | 08.04.2021 | Issac Briones
Low | Papoo CMS Cross Site Request Forgery | 05.04.2021 | Reinhard Westerholt
Low | GetSimple CMS Custom JS Plugin 0.1 CSRF to Persistent XSS | 31.03.2021 | Abhishek Joshi
Low | SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery | 20.03.2021 | LiquidWorm
High | VestaCP 0.9.8 File Upload CSRF | 17.03.2021 | Fady Othman
Low | OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection | 09.03.2021 | Daniel Moreno
Low | e107 CMS 2.3.0 Cross Site Request Forgery | 04.03.2021 | Tadjmen
High | Unibox 2.4 CSRF / Remote Code Execution | 08.02.2021 | Kaustubh G. Padwad
Low | Unibox Cross Site Request Forgery | 08.02.2021 | Kaustubh G. Padwad
Low | bloofoxCMS 0.5.2.1 CSRF (Add user) | 05.02.2021 | LiPeiYi
Low | Pixelimity 1.0 Cross Site Request Forgery | 04.02.2021 | Noth
Med. | STVS ProVision 5.9.10 Cross Site Request Forgery | 29.01.2021 | LiquidWorm
Low | Anchor CMS 0.12.7 CSRF (Delete user) | 21.01.2021 | Ninad Mishra
Low | PHP-Fusion 9.03.90 Cross Site Request Forgery | 16.01.2021 | Mohamed Oosman B S
Low | Online Hotel Reservation System 1.0 Cross Site Request Forgery | 15.01.2021 | Mesut Cetin
Low | Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery | 07.01.2021 | Rahul Ramakant Singh
Low | TypeSetter 5.1 Cross Site Request Forgery | 03.01.2021 | Alperen Ergel
Low | Rukovoditel 2.6.1 Cross Site Request Forgery | 15.12.2020 | KeopssGroup0day Inc
Low | OpenAsset Digital Asset Management Cross Site Request Forgery | 14.12.2020 | Jack Misiura
Low | OpenCart 3.0.3.6 Cross Site Request Forgery | 10.12.2020 | Mahendra Purbia
Low | EgavilanMedia User Registration & Login System with Admin Panel 1.0 CSRF | 04.12.2020 | Hardik Solanki
Med. | ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password | 28.11.2020 | T. Weber
Low | Customer Support System 1.0 Cross Site Request Forgery | 11.11.2020 | Ahmed Abbas
High | Genexis Platinum-4410 P4410-V2-1.28 Broken Access Control and CSRF | 11.11.2020 | Jinson Varghese Behana...
Med. | Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure | 05.11.2020 | Wolfgang Ettlinger
Low | iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery | 05.11.2020 | LiquidWorm
Low | Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery | 29.10.2020 | Mohammed Farhan
Low | Textpattern CMS 4.6.2 Cross-site Request Forgery | 19.10.2020 | Alperen Ergel
Low | B-swiss 3 Digital Signage System 3.6.5 Cross-Site Request Forgery (Add Maintenance Admin) | 15.10.2020 | LiquidWorm
High | Garfield Petshop 2020-10-01 Cross Site Request Forgery | 09.10.2020 | Ramdan Yantu
Low | Liman 0.7 Cross Site Request Forgery | 07.10.2020 | George Tsimpidas
Med. | RocketLinx Series Authentication Bypass / CSRF / Command Injection | 05.10.2020 | T. Weber
Low | MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials | 01.10.2020 | Shahrukh Iqbal Mirza
Low | SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery | 01.10.2020 | LiquidWorm
Low | BlackCat CMS 1.3.6 Cross Site Request Forgery | 23.09.2020 | Noth
Med. | Scopia XT Desktop 8.3.915.4 Cross-Site Request Forgery (change admin password) | 10.09.2020 | v1n1v131r4
Med. | Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell | 05.09.2020 | T. Weber
Low | Hyland OnBase Cross Site Request Forgery | 05.09.2020 | Adaptive Security Cons...
Low | Stock Management System 1.0 Cross-Site Request Forgery (Change Username) | 02.09.2020 | Bobby Cooke & Adeeb Sh...
Med. | All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery (Add Admin) | 17.08.2020 | Gjoko 'LiquidWorm' Krs...
Low | GetSimple CMS Plugin Multi User 1.8.2 Cross-Site Request Forgery (Add Admin) | 14.08.2020 | Bobby Cooke
Low | Warehouse Inventory System 1.0 Cross Site Request Forgery | 11.08.2020 | Bobby Cooke
Low | pfSense 2.4.4-p3 Cross Site Request Forgery | 30.07.2020 | ghost_fh
Low | UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery | 21.07.2020 | LiquidWorm
Low | CMSUno 1.6 Cross-Site Request Forgery (Change Admin Password) | 18.07.2020 | Noth
Low | Verint Impact 360 15.1 Cross Site Request Forgery | 16.07.2020 | Ryan Delaney
Low | SuperMicro IPMI 03.40 Cross Site Request Forgery | 12.07.2020 | Metin Yunus Kandemir
Med. | Online Student Enrollment System 1.0 Cross Site Request Forgery | 24.06.2020 | BKpatron
Low | GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting | 24.06.2020 | Rodolfo Tavares
Low | Navigate CMS 2.8.7 Cross-Site Request Forgery (Add Admin) | 08.06.2020 | Gus Ralph
Low | Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure | 06.06.2020 | Aaron Bishop
Low | Forma.LMS 5.6.40 Cross Site Request Forgery | 22.05.2020 | Daniel Ortiz
Low | NukeViet VMS 4.4.00 Cross Site Request Forgery | 20.05.2020 | JEBARAJ
Low | Maian Support Helpdesk 4.3 Cross-Site Request Forgery (Add Admin) | 05.05.2020 | Besim ALTINOK
Low | Apache OFBiz 17.12.03 Cross Site Request Forgery | 02.05.2020 | Faiz Ahmed Zaidi
Low | Complaint Management System 4.2 Cross Site Request Forgery | 27.04.2020 | Besim Altinok
Low | Edimax EW-7438RPn Cross Site Request Forgery | 22.04.2020 | Besim Altinok
Low | P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting | 21.04.2020 | LiquidWorm
Med. | QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control | 21.04.2020 | Yorick Koster
High | Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution | 19.04.2020 | Sivanesh Ashok
High | Django 3.0 Cross-Site Request Forgery Token Bypass | 08.04.2020 | Spad Security Group
Low | Enhanced Multimedia Router 3.0.4.27 Cross-Site Request Forgery (Add Admin) | 31.03.2020 | Miguel Mendez Z.
Low | ECK Hotel 1.0 Cross Site Request Forgery | 27.03.2020 | Mustafa Emre Gul
Med. | Oce Colorwave 500 CSRF / XSS / Authentication Bypass | 20.03.2020 | Marco Ortisi
Low | Exagate Sysguard 6001 Cross Site Request Forgery | 20.03.2020 | Metin Yunus Kandemir
Low | Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery | 16.03.2020 | Miguel Mendez Z
Med. | HRSALE 1.1.8 Cross Site Request Forgery | 14.03.2020 | Ismail Akici
Low | Wing FTP Server 6.2.3 Cross Site Request Forgery | 11.03.2020 | Dhiraj Mishra
Med. | Wordpress Plugin Tutor LMS 1.5.3 Cross-Site Request Forgery (Add User) | 08.03.2020 | Jinson Varghese Behana...
Low | Business Live Chat Software 1.0 Cross-Site Request Forgery (Add Admin) | 08.03.2020 | Meisam Monsef
Low | CandidATS 2.1.0 Cross-Site Request Forgery (Add Admin) | 04.03.2020 | J3rryBl4nks
Low | Business Live Chat Software 1.0 Cross Site Request Forgery | 28.02.2020 | Meisam Monsef
Med. | CandidATS 2.1.0 Cross Site Request Forgery | 24.02.2020 | J3rryBl4nks
Med. | Ice HRM 26.2.0 Cross-Site Request Forgery (Add User) | 24.02.2020 | J3rryBl4nks
Low | SOPlanning 1.45 Cross-Site Request Forgery (Add User) | 24.02.2020 | J3rryBl4nks
Med. | AVideo Platform 8.1 Cross Site Request Forgery (Password Reset) | 11.02.2020 | Ihsan Sencan
Low | Online Job Portal 1.0 Cross Site Request Forgery | 07.02.2020 | Ihsan Sencan
Low | School ERP System 1.0 Cross Site Request Forgery | 04.02.2020 | J3rryBl4nks
Low | FlexNet Publisher 11.12.1 Cross Site Request Forgery | 31.01.2020 | Ismail Tasdelen
Low | Cups Easy 1.0 Cross Site Request Forgery | 30.01.2020 | J3rryBl4nks
Low | Employee Leaves Management System 2.0 Cross Site Request Forgery | 27.01.2020 | Priyanka Samak

Common Weakness Enumeration (CWE)

Date | Risk | CVE | Details
Description

2021-10-15 | Waiting for details | CVE-2021-39864 | Updating...
Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to a customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.

2021-10-11 | Medium | CVE-2021-24711 | Vendor: Tipsandtricks-hq; Software: Software lic...
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack.

2021-10-08 | Medium | CVE-2021-41916 | Vendor: Webtareas project; Software: Webtareas
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page.

2021-10-06 | Medium | CVE-2021-29837 | Vendor: IBM; Software: Sterling b2b...
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.

2021-10-05 | Medium | CVE-2021-35491 | Vendor: Wowza; Software: Streaming engine
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request.

(date not listed) | Medium | CVE-2021-41113 | Vendor: Typo3; Software: Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site request forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick the victim into accessing a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking the TYPO3 application at good.example.org; SameSite=lax or none: malicious evil.com invoking the TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0, which addresses the problem described.

2021-10-04 | Low | CVE-2021-36850 | Vendor: Meowapps; Software: Media file r...

(date not listed) | Medium | CVE-2020-21386 | Vendor: Maccms; Software: Maccms
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.

2021-09-30 | Medium | CVE-2021-41295 | Vendor: ECOA; Software: Riskterminator
The ECOA BAS controller has a Cross-Site Request Forgery vulnerability, so an authenticated attacker can remotely place a forged request on a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.

2021-09-29 | Medium | CVE-2021-41764 | Vendor: Streama project; Software: Streama
A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker.

Copyright 2021, cxsecurity.com