Vulnerabilities (CVE)

CWE filter

CWE-352

Filter

2370 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-10874 1 Wpseeds 1 Wp Database Backup 2019-10-12 6.8
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
CVE-2019-17431 1 Fastadmin 1 Fastadmin 2019-10-11 6.8
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.
CVE-2015-9455 2019-10-10 7.8
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
CVE-2019-17217 2019-10-10 6.8
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.
CVE-2008-6586 1 Utorrent 1 Utorrent Webui 2019-10-10 6.8
Cross-site request forgery (CSRF) vulnerability in gui/index.php in ?Torrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url...
CVE-2019-9883 2019-10-09 6.8
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via...
CVE-2019-9882 2019-10-09 6.8
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via...
CVE-2019-8991 1 Tibco 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more 2019-10-09 6.8
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid,...
CVE-2019-6561 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 6.8
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2019-6166 2019-10-09 6.8
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
CVE-2019-5630 1 Rapid7 1 Nexpose 2019-10-09 6.8
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a...
CVE-2019-5430 1 Ui 1 Unifi Video 2019-10-09 6.8
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on...
CVE-2019-4515 1 Ibm 1 Security Key Lifecycle Manager 2019-10-09 4.3
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.
CVE-2019-4212 1 Ibm 1 Qradar Security Information And Event Manager 2019-10-09 6.8
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132.
CVE-2019-4167 1 Ibm 1 Storediq 2019-10-09 4.3
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
CVE-2019-4142 1 Ibm 1 Cloud Private 2019-10-09 6.8
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.
CVE-2019-4117 1 Ibm 1 Cloud Private 2019-10-09 6.8
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.
CVE-2019-3718 1 Dell 1 Supportassist 2019-10-09 6.8
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.
CVE-2019-3604 1 Mcafee 1 Epolicy Orchestrator 2019-10-09 6.8
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.
CVE-2019-3410 2019-10-09 6.8
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted...