| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-16952 |
1 Oracle |
1 Webcenter Interaction |
2018-12-07 |
6.8 |
| The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned... |
| CVE-2018-12370 |
2 Mozilla, Canonical |
2 Firefox, Ubuntu Linux |
2018-12-06 |
6.8 |
| In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability... |
| CVE-2015-4630 |
1 Koha |
1 Koha |
2018-12-04 |
6.0 |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for... |
| CVE-2018-18420 |
1 Tribalsystems |
1 Zenario |
2018-12-04 |
6.8 |
| Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. |
| CVE-2018-12364 |
4 Mozilla, Canonical, Debian and 1 more |
11 Firefox, Firefox Esr, Thunderbird and 8 more |
2018-12-03 |
6.8 |
| NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery... |
| CVE-2018-18436 |
1 Jtbc |
1 Jtbc Php |
2018-11-30 |
6.8 |
| JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. |
| CVE-2018-15539 |
1 Agentejo |
1 Cockpit |
2018-11-30 |
6.8 |
| Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. |
| CVE-2018-18422 |
1 Usualtool |
1 Usualtoolcms |
2018-11-30 |
6.8 |
| UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. |
| CVE-2018-18432 |
1 Destoon |
1 Destoon B2b |
2018-11-29 |
6.8 |
| An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request. |
| CVE-2018-18773 |
1 Centos-webpanel |
1 Centos Web Panel |
2018-11-29 |
6.8 |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. |
| CVE-2018-18772 |
1 Centos-webpanel |
1 Centos Web Panel |
2018-11-29 |
6.8 |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. |
| CVE-2018-17103 |
1 Get-simple |
1 Getsimple Cms |
2018-11-28 |
6.8 |
| ** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter. |
| CVE-2018-12456 |
1 Intelbras |
1 Nplug Firmware |
2018-11-28 |
6.8 |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating... |
| CVE-2018-17045 |
1 Cms Maelostore Project |
1 Cms Maelostore |
2018-11-28 |
6.8 |
| An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. |
| CVE-2018-0445 |
1 Cisco |
1 Packaged Contact Center Enterprise |
2018-11-27 |
6.8 |
| A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is... |
| CVE-2018-17869 |
1 Dasan |
1 H660gw Firmware |
2018-11-27 |
6.8 |
| DASAN H660GW devices do not implement any CSRF protection mechanism. |
| CVE-2018-0451 |
1 Cisco |
1 Tetration Analytics |
2018-11-27 |
6.8 |
| A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The... |
| CVE-2018-17986 |
1 Razorcms |
1 Razorcms |
2018-11-27 |
6.8 |
| rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. |
| CVE-2018-15702 |
1 Tp-link |
1 Tl-wrn841n Firmware |
2018-11-27 |
6.8 |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. |
| CVE-2018-18201 |
1 Qibosoft |
1 Qibosoft |
2018-11-27 |
6.8 |
| qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. |
