6 matches found
CVE-2020-19886
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcmspid=-80=9 can delete any menu...
CVE-2025-2247 WP-PManager <= 1.2 - Category Deletion via CSRF
The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2025-29929 Tuleap is missing CSRF protection on tracker hierarchy administration
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...
CVE-2024-56140
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...
CVE-2020-11919
CVE-2020-11919 affects Siime Eye 14.1.00000001.3.330.0.0.3.14 and is due to missing CSRF protection. The CVSSv3.1 vector indicates ADJACENT access, no privileges, user interaction required, and high impact on confidentiality, integrity, and availability (base score 8.0). Connected sources corrobo...
PT-2017-12429 · Cisco · Cisco Unified Intelligence Center
Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center affected versions not specified Description: A lack of cross-site request forgery CSRF protection in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted...