Total
8694 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5145 | 1 Carlosgavazzi | 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | |||||
| CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |||||
| CVE-2017-9518 | 1 Atmail | 1 Atmail | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | |||||
| CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | |||||
| CVE-2016-0356 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | |||||
| CVE-2017-1000224 | 1 Embedplus | 1 Youtube | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin | |||||
| CVE-2016-6033 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. | |||||
| CVE-2017-6917 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed. | |||||
| CVE-2017-9365 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | |||||
| CVE-2017-6042 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request. | |||||
| CVE-2017-2682 | 1 Siemens | 1 Ruggedcom Network Management Software | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. | |||||
| CVE-2016-2539 | 1 Atutor | 1 Atutor | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | |||||
| CVE-2017-5959 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. | |||||
| CVE-2017-7557 | 1 Powerdns | 1 Dnsdist | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | |||||
| CVE-2016-4904 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors. | |||||
| CVE-2017-3794 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. | |||||
| CVE-2017-7178 | 2 Debian, Deluge-torrent | 2 Debian Linux, Deluge | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. | |||||
| CVE-2016-4884 | 1 Basercms | 1 Basercms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | |||||
| CVE-2016-5809 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. | |||||