Vulnerabilities (CVE)

CWE filter: CWE-352

1993 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16447 1 Frogcms Project 1 Frogcms 2019-02-20 6.8
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
CVE-2019-1003012 1 Jenkins 1 Blue Ocean 2019-02-20 4.3
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js,...
CVE-2019-1000022 2019-02-20 6.8
Taoensso Sente prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the WebSocket handshake endpoint that can result in a CSRF attack and possible leak of the anti-CSRF token. This attack appears to be exploitable via...
CVE-2018-16634 1 Pluck-cms 1 Pluck 2019-02-20 6.8
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
CVE-2019-0267 1 Sap 1 Manufacturing Integration And Intelligence 2019-02-20 6.8
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.
CVE-2019-8902 1 Idreamsoft 1 Icms 2019-02-19 4.9
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
CVE-2019-8910 1 Wtcms Project 1 Wtcms 2019-02-19 6.8
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
CVE-2019-1658 1 Cisco 1 Unified Intelligence Center 2019-02-15 4.3
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device....
CVE-2019-1000003 1 Mapsvg 1 Mapsvg Lite 2019-02-15 6.8
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in the REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker modifying post data, including embedding JavaScript. This...
CVE-2018-6907 1 Rainmachine 1 Rainmachine Web Application 2019-02-15 6.8
A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.
CVE-2019-8347 1 Beescms 1 Beescms 2019-02-15 6.8
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
CVE-2018-6342 2019-02-14 9.3
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network...
CVE-2018-1000858 2 Gnupg, Canonical 2 Gnupg, Ubuntu Linux 2019-02-13 6.8
GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, DoS. This attack appears to be exploitable via Victim must perform a WKD...
CVE-2019-7738 2019-02-13 5.8
C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.
CVE-2019-7737 1 Verydows 1 Verydows 2019-02-12 6.8
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.
CVE-2019-7730 1 Mywebsql 1 Mywebsql 2019-02-12 4.9
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.
CVE-2019-1003017 1 Jenkins 1 Job Import 2019-02-11 2.6
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to...
CVE-2018-20780 1 Traq 1 Traq 2019-02-11 6.8
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
CVE-2019-1003016 1 Jenkins 1 Job Import 2019-02-08 4.3
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,...
CVE-2019-1003022 1 Jenkins 1 Monitoring 2019-02-08 4.3
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.