Vulnerabilities (CVE)

CWE filter

CWE-352

2375 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17369 1 Otcms 1 Otcms 2019-10-16 4.3
OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.
CVE-2019-17600 1 Intelbras 1 Iwr 1000n Firmware 2019-10-15 10.0
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
CVE-2019-11077 1 Fastadmin 1 Fastadmin 2019-10-15 6.8
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.
CVE-2019-13529 1 Sma 1 Sunny Webbox Firmware 2019-10-15 6.8
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to...
CVE-2019-17432 1 Fastadmin 1 Fastadmin 2019-10-15 4.3
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
CVE-2019-17386 1 Eleopard 1 Animate It! 2019-10-15 6.8
The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.
CVE-2016-10874 1 Wpseeds 1 Wp Database Backup 2019-10-12 6.8
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
CVE-2019-17431 1 Fastadmin 1 Fastadmin 2019-10-11 6.8
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.
CVE-2015-9455 2019-10-10 7.8
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
CVE-2019-17217 2019-10-10 6.8
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.
CVE-2008-6586 1 Utorrent 1 Utorrent Webui 2019-10-10 6.8
Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url...
CVE-2019-9883 2019-10-09 6.8
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to elevate the privilege of a specific account via...
CVE-2019-9882 2019-10-09 6.8
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to add malicious email sources to the whitelist via...
CVE-2019-8991 1 Tibco 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more 2019-10-09 6.8
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid,...
CVE-2019-6561 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 6.8
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2019-6166 2019-10-09 6.8
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
CVE-2019-5630 1 Rapid7 1 Nexpose 2019-10-09 6.8
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a...
CVE-2019-5430 1 Ui 1 Unifi Video 2019-10-09 6.8
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user to access on...
CVE-2019-4515 1 Ibm 1 Security Key Lifecycle Manager 2019-10-09 4.3
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.
CVE-2019-4212 1 Ibm 1 Qradar Security Information And Event Manager 2019-10-09 6.8
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132.