Total
8686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15569 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| my little forum 2.4.12 allows CSRF for deletion of users. | |||||
| CVE-2018-15568 | 1 Tp5cms Project | 1 Tp5cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. | |||||
| CVE-2018-15565 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. | |||||
| CVE-2018-15564 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. | |||||
| CVE-2018-15539 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. | |||||
| CVE-2018-15445 | 1 Cisco | 1 Energy Management Suite Software | 2024-11-21 | 6.0 MEDIUM | 6.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. | |||||
| CVE-2018-15438 | 1 Cisco | 1 Prime Collaboration Assurance | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser to perform arbitrary actions with the privileges of the user on an affected system. | |||||
| CVE-2018-15402 | 1 Cisco | 1 Enterprise Network Virtualization Software | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information. | |||||
| CVE-2018-15401 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user. | |||||
| CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | |||||
| CVE-2018-15206 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | |||||
| CVE-2018-15203 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. | |||||
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | |||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | |||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | |||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | |||||
| CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | |||||
| CVE-2018-15186 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | |||||
| CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | |||||
| CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | |||||