3 matches found
CVE-2019-25313
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin accoun...
CVE-2020-37106
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...
CVE-2020-37144
CVE-2020-37144 affects Exagate SYSGuard 6001. The root cause is a cross-site request forgery that lets an attacker trick a user into submitting a crafted HTML form to /kulyon.php, resulting in the creation of an unauthorized admin account. Affected product/version explicitly named in multiple sou...