150 matches found
CVE-2021-4017
showdoc is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2021-3963
kimai2 is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2020-23686
Cross site request forgery CSRF vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts...
CVE-2014-8942
Lexiglot through 2014-11-20 allows CSRF...
PT-2020-12162 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to delete an article template via a crafted request to the admin/manage-templates.php endpoint. This is made possible by a CSRF weakness. Recommendations:...
CVE-2020-9270
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php...
CVE-2018-20972
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2017-18512
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF...
CVE-2015-9292
6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...
Cross-Site Request Forgery (CSRF)
firefox is vulnerable to cross-site request forgery CSRF attacks. POST requests made by the NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks...
PT-2019-18492 · Linear · Linear Emerge E3-Series
Name of the Vulnerable Software and Affected Versions: Linear eMerge E3-Series devices affected versions not specified Description: The issue allows for Cross-Site Request Forgery CSRF, which is a type of attack that tricks a user into performing unintended actions on a web application...
CVE-2018-17102
An issue was discovered in QuickAppsCMS aka QACMS through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI...
Cross site request forgery (csrf)
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/adminmanager.php?action=save&id=2...
CVE-2018-11405
Kliqqi 2.0.2 has CSRF in admin/adminusers.php...
EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure Vulnerabilities
EE 4GEE wireless router version EE600005.0025 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities. EE 4GEE Wireless Router - Multiple Security Vulnerabilities Advisory ------------------------------------------------- Hardware Version/Model:...
CVE-2017-1000069
CSRF in Bitly oauth2proxy 2.1 during authentication flow...
Urban Dictionary: Session replay vulnerability in www.urbandictionary.com
Session replay vulnerability in www.urbandictionary.com I considered titling this bug "Session tokens not expiring", which is what you need to tell your development team. But I titled it as I did to emphasize at least one attack made possible by the bug. There may be others. Description Privilege...
CVE-2016-7980
Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...
WordPress Portfolio 1.0 Cross Site Request Forgery Vulnerability
WordPress Portfolio plugin version 1.0 suffers from a cross site request forgery vulnerability. Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 Submitter: Nitin Venkatesh Product: Portfolio Plugin Wordpress Plugin Product URL:...
Stored XSS Vulnerability In Manage Engine Device Expert
=============================================================================== Stored XSS Vulnerability In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability I...