Vulnerabilities (CVE)

CWE filter: CWE-352

2047 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-13810 1 Siemens 2 Cp 1604 Firmware, Cp 1616 Firmware 2019-04-18 4.3
A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user...
CVE-2019-10642 1 Contao 1 Contao Cms 2019-04-18 6.8
Contao 4.7 allows CSRF.
CVE-2019-9176 1 Gitlab 1 Gitlab 2019-04-17 5.8
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
CVE-2016-8201 1 Brocade 1 Virtual Traffic Manager 2019-04-17 6.0
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.
CVE-2018-16365 1 Idreamsoft 1 Icms 2019-04-16 6.8
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
CVE-2017-5657 1 Apache 1 Archiva 2019-04-16 6.0
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the Archiva site may send an HTML response that performs arbitrary actions on...
CVE-2016-4469 1 Apache 1 Archiva 2019-04-16 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter...
CVE-2018-16366 1 Idreamsoft 1 Icms 2019-04-16 6.8
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
CVE-2017-8928 1 Mailcow 1 Mailcow-dockerized 2019-04-16 6.8
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
CVE-2018-17584 1 Wpfastestcache 1 Wp Fastest Cache 2019-04-16 6.8
The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.
CVE-2018-16966 1 File Manager Project 1 File Manager 2019-04-16 6.8
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
CVE-2018-19291 1 Dilicms 1 Dilicms 2019-04-16 5.8
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
CVE-2018-1999027 1 Jenkins 1 Saltstack 2019-04-16 6.8
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
CVE-2018-19969 1 Phpmyadmin 1 Phpmyadmin 2019-04-15 6.8
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new...
CVE-2017-18366 1 Intelliants 1 Subrion Cms 2019-04-15 6.8
Subrion CMS 4.1.5 has CSRF in blog/delete/.
CVE-2018-2000 1 Ibm 2 Business Automation Workflow, Business Process Manager 2019-04-15 6.8
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.
CVE-2019-10292 1 Jenkins 1 Kmap 2019-04-15 4.3
A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-10289 1 Jenkins 1 Netsparker Cloud Scan 2019-04-15 4.3
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server.
CVE-2019-10278 1 Jenkins 1 Jenkins-reviewbot 2019-04-15 4.3
A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003098 1 Jenkins 1 Openid 2019-04-15 4.3
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.