Vulnerabilities (CVE)

CWE filter: CWE-352

1876 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-16952 | 1 Oracle | 1 Webcenter Interaction | 2018-12-07 | 6.8
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned...
CVE-2018-12370 | 2 Mozilla, Canonical | 2 Firefox, Ubuntu Linux | 2018-12-06 | 6.8
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability...
CVE-2015-4630 | 1 Koha | 1 Koha | 2018-12-04 | 6.0
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for...
CVE-2018-18420 | 1 Tribalsystems | 1 Zenario | 2018-12-04 | 6.8
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
CVE-2018-12364 | 4 Mozilla, Canonical, Debian and 1 more | 11 Firefox, Firefox Esr, Thunderbird and 8 more | 2018-12-03 | 6.8
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery...
CVE-2018-18436 | 1 Jtbc | 1 Jtbc Php | 2018-11-30 | 6.8
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.
CVE-2018-15539 | 1 Agentejo | 1 Cockpit | 2018-11-30 | 6.8
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
CVE-2018-18422 | 1 Usualtool | 1 Usualtoolcms | 2018-11-30 | 6.8
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.
CVE-2018-18432 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 6.8
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request.
CVE-2018-18773 | 1 Centos-webpanel | 1 Centos Web Panel | 2018-11-29 | 6.8
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
CVE-2018-18772 | 1 Centos-webpanel | 1 Centos Web Panel | 2018-11-29 | 6.8
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2018-11-28 | 6.8
** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.
CVE-2018-12456 | 1 Intelbras | 1 Nplug Firmware | 2018-11-28 | 6.8
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating...
CVE-2018-17045 | 1 Cms Maelostore Project | 1 Cms Maelostore | 2018-11-28 | 6.8
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.
CVE-2018-0445 | 1 Cisco | 1 Packaged Contact Center Enterprise | 2018-11-27 | 6.8
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is...
CVE-2018-17869 | 1 Dasan | 1 H660gw Firmware | 2018-11-27 | 6.8
DASAN H660GW devices do not implement any CSRF protection mechanism.
CVE-2018-0451 | 1 Cisco | 1 Tetration Analytics | 2018-11-27 | 6.8
A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The...
CVE-2018-17986 | 1 Razorcms | 1 Razorcms | 2018-11-27 | 6.8
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
CVE-2018-15702 | 1 Tp-link | 1 Tl-wrn841n Firmware | 2018-11-27 | 6.8
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.
CVE-2018-18201 | 1 Qibosoft | 1 Qibosoft | 2018-11-27 | 6.8
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.