Lucene search
+L

150 matches found

NVD
NVD
added 2021/12/01 11:15 a.m.35 views

CVE-2021-4017

showdoc is vulnerable to Cross-Site Request Forgery CSRF...

8.8CVSS0.00596EPSS
Exploits1References2
OSV
OSV
added 2021/11/19 12:15 p.m.10 views

CVE-2021-3963

kimai2 is vulnerable to Cross-Site Request Forgery CSRF...

4.3CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2021/11/02 6:15 p.m.30 views

CVE-2020-23686

Cross site request forgery CSRF vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts...

8.8CVSS0.00568EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/06/01 4:29 p.m.19 views

CVE-2014-8942

Lexiglot through 2014-11-20 allows CSRF...

8.8AI score0.00485EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/03/12 12:0 a.m.6 views

PT-2020-12162 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to delete an article template via a crafted request to the admin/manage-templates.php endpoint. This is made possible by a CSRF weakness. Recommendations:...

4.3CVSS4.4AI score0.00485EPSS
Exploits1References4
NVD
NVD
added 2020/02/18 7:15 p.m.16 views

CVE-2020-9270

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php...

8.8CVSS8.8AI score0.00513EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/08/16 8:21 p.m.18 views

CVE-2018-20972

The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...

9.2AI score0.00649EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/08/14 3:32 p.m.19 views

CVE-2017-18512

The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF...

8.8AI score0.00649EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/08/08 8:1 p.m.16 views

CVE-2015-9292

6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...

8.9AI score0.00614EPSS
Exploits1References1
Veracode
Veracode
added 2019/07/15 12:7 a.m.22 views

Cross-Site Request Forgery (CSRF)

firefox is vulnerable to cross-site request forgery CSRF attacks. POST requests made by the NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks...

8.8CVSS9.2AI score0.01047EPSS
Exploits0References15Affected Software7
Positive Technologies
Positive Technologies
added 2019/07/02 12:0 a.m.4 views

PT-2019-18492 · Linear · Linear Emerge E3-Series

Name of the Vulnerable Software and Affected Versions: Linear eMerge E3-Series devices affected versions not specified Description: The issue allows for Cross-Site Request Forgery CSRF, which is a type of attack that tricks a user into performing unintended actions on a web application...

8.8CVSS8.7AI score0.16278EPSS
Exploits5References5
Cvelist
Cvelist
added 2018/09/16 9:0 p.m.20 views

CVE-2018-17102

An issue was discovered in QuickAppsCMS aka QACMS through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI...

8.8AI score0.00709EPSS
Exploits1References2
Prion
Prion
added 2018/07/08 4:29 p.m.18 views

Cross site request forgery (csrf)

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/adminmanager.php?action=save&id=2...

6.8CVSS8.6AI score0.00523EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/05/24 7:29 a.m.19 views

CVE-2018-11405

Kliqqi 2.0.2 has CSRF in admin/adminusers.php...

8.8CVSS8.9AI score
Exploits0References1
0day.today
0day.today
added 2017/09/09 12:0 a.m.47 views

EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure Vulnerabilities

EE 4GEE wireless router version EE600005.0025 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities. EE 4GEE Wireless Router - Multiple Security Vulnerabilities Advisory ------------------------------------------------- Hardware Version/Model:...

Exploits0
Cvelist
Cvelist
added 2017/07/13 8:0 p.m.31 views

CVE-2017-1000069

CSRF in Bitly oauth2proxy 2.1 during authentication flow...

8.9AI score0.00739EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/03/26 11:40 p.m.19 views

Urban Dictionary: Session replay vulnerability in www.urbandictionary.com

Session replay vulnerability in www.urbandictionary.com I considered titling this bug "Session tokens not expiring", which is what you need to tell your development team. But I titled it as I did to emphasize at least one attack made possible by the bug. There may be others. Description Privilege...

0.2AI score
Exploits0
NVD
NVD
added 2017/01/18 5:59 p.m.13 views

CVE-2016-7980

Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...

8.8CVSS9.1AI score0.04122EPSS
Exploits4References8
0day.today
0day.today
added 2015/07/21 12:0 a.m.24 views

WordPress Portfolio 1.0 Cross Site Request Forgery Vulnerability

WordPress Portfolio plugin version 1.0 suffers from a cross site request forgery vulnerability. Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 Submitter: Nitin Venkatesh Product: Portfolio Plugin Wordpress Plugin Product URL:...

7AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.72 views

Stored XSS Vulnerability In Manage Engine Device Expert

=============================================================================== Stored XSS Vulnerability In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability I...

0.1AI score
Exploits0
Rows per page
Query Builder