Vulnerabilities (CVE)

CWE filter

CWE-352

2107 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12616 1 Phpmyadmin 1 Phpmyadmin 2019-06-14 4.3
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the...
CVE-2019-0996 1 Microsoft 1 Azure Devops Server 2019 2019-06-13 4.3
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'.
CVE-2019-10338 1 Jenkins 1 Jx Resources 2019-06-13 6.8
A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking...
CVE-2019-10331 1 Jenkins 1 Electricflow 2019-06-13 4.3
A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-3410 2019-06-12 6.8
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by a Cross-Site Request Forgery vulnerability, which stems from the fact that WEB applications do not adequately verify whether requests come from trusted...
CVE-2019-11517 1 Wampserver 1 Wampserver 2019-06-11 5.8
WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.
CVE-2018-10696 1 Moxa 1 Awk-3121 Firmware 2019-06-11 6.8
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an...
CVE-2012-1297 1 Contao 1 Contao Cms 2019-06-11 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action...
CVE-2018-8817 1 Wampserver 1 Wampserver 2019-06-10 6.8
Wampserver before 3.1.3 has CSRF in add_vhost.php.
CVE-2019-1881 1 Cisco 1 Industrial Network Director 2019-06-07 6.8
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected...
CVE-2013-6429 2 Springsource, Pivotal Software 2 Spring Framework, Spring Framework 2019-06-05 6.8
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and...
CVE-2019-10321 1 Jfrog 1 Artifactory 2019-06-05 4.3
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using...
CVE-2019-9883 2019-06-04 6.8
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to elevate privilege of specific account via...
CVE-2019-9882 2019-06-04 6.8
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to add malicious email sources into whitelist via...
CVE-2018-1000206 2019-06-03 6.8
JFrog Artifactory version since 5.11 contains a Cross Site Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appears to be...
CVE-2019-10326 1 Jenkins 1 Warnings Next Generation 2019-06-03 4.3
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.
CVE-2019-10324 1 Jfrog 1 Artifactory 2019-06-03 4.3
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to...
CVE-2018-16218 1 Yealink 1 Ultra-elegant Ip Phone Sip-t41p Firmware 2019-05-31 6.8
A CSRF (Cross Site Request Forgery) in the web interface of the Yealink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted...
CVE-2019-12502 1 Mobotix 1 S14 Firmware 2019-05-31 9.3
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.
CVE-2017-1000479 2 Pfsense, Netgate 2 Pfsense, Pfsense 2019-05-30 6.8
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in...