Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-5300

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Jan, 2015 | 11:00
Updated At-17 Sep, 2024 | 03:23
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Jan, 2015 | 11:00
Updated At:17 Sep, 2024 | 03:23
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.htbridge.com/advisory/HTB22976
x_refsource_MISC
Hyperlink: https://www.htbridge.com/advisory/HTB22976
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.htbridge.com/advisory/HTB22976
x_refsource_MISC
x_transferred
Hyperlink: https://www.htbridge.com/advisory/HTB22976
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Jan, 2015 | 11:59
Updated At:12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
pommo
pommo
>>pommo-ardvark>>pr16.1
cpe:2.3:a:pommo:pommo-ardvark:pr16.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.htbridge.com/advisory/HTB22976cve@mitre.org
Exploit
https://www.htbridge.com/advisory/HTB22976af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: https://www.htbridge.com/advisory/HTB22976
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://www.htbridge.com/advisory/HTB22976
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

2431Records found
CVE-2017-18782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.69% / 81.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:34
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700r6120wnr2020r6220_firmwarepr2000r6080_firmwarejwnr2010r6120_firmwarer6800wnr1000_firmwarer6050pr2000_firmwarer6220r6020r6020_firmwared7000r6080d7000_firmwarer6700wndr3700_firmwarewnr1000r6900d6200_firmwarer6900_firmwarer6050_firmwarewnr2050d6200jr6150_firmwarejr6150wnr2050_firmwarejnr1010r6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.89%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:11
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd2200b_firmwarer8500r7300wndr3700r6700r7300_firmwarer8300_firmwarer6220_firmwarewndr3700_firmwarer6400_firmwarer6900pr6900r7000pr6900p_firmwaredgnd2200bdgn2200_firmwarer8300r8500_firmwarer6900_firmwarer6050_firmwarer6050dgn2200r6220jr6150_firmwarejr6150r6300r6400r6300_firmwarer6700_firmwarer7000p_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-5285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.50%
||
7 Day CHG~0.00%
Published-26 Nov, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.

Action-Not Available
Vendor-o-dynn/a
Product-collabtiven/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5900
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.8||HIGH
EPSS-0.28% / 50.90%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 13:59
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.

Action-Not Available
Vendor-n/aF5, Inc.
Product-nginx_controllerNGINX Controller
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 20:53
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Subrion CMS 4.1.5 has CSRF in blog/delete/.

Action-Not Available
Vendor-intelliantsn/a
Product-subrion_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-20120
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.58%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 16:15
Updated-15 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TrueConf Server cross-site request forgery

A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-trueconfTrueConf
Product-serverServer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18521
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:18
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.

Action-Not Available
Vendor-wp-kaman/a
Product-democracy_polln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-20020
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.34%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 22:35
Updated-15 Apr, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solare Solar-Log cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-solar-logSolare
Product-solar-log_1000_firmwaresolar-log_500solar-log_2000solar-log_500_firmwaresolar-log_300solar-log_300_firmwaresolar-log_250solar-log_250_firmwaresolar-log_2000_firmwaresolar-log_1000_pm\+solar-log_1200_firmwaresolar-log_1000solar-log_1000_pm\+_firmwaresolar-log_800e_firmwaresolar-log_800esolar-log_1200Solar-Log
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18511
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 15:38
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.

Action-Not Available
Vendor-n/aIncsub, LLC
Product-custom_sidebarsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 14:53
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.

Action-Not Available
Vendor-mythemeshopn/a
Product-my_wp_translaten/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5335
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.08% / 23.14%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18512
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 15:32
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.

Action-Not Available
Vendor-supsysticn/a
Product-newsletter_by_supsysticn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-2097
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-support-projectsupport-project.org
Product-knowledgeKnowledge
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-2102
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.20%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5770
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.58%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 19:57
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

Action-Not Available
Vendor-teltonika-networksn/a
Product-trb245_firmwaretrb245Teltonika Gateway TRB245
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5786
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.78%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 19:41
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

Action-Not Available
Vendor-teltonika-networksn/a
Product-trb245_firmwaretrb245Teltonika Gateway TRB245
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6373
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_extensible_operating_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 10.30%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 12:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300r7300dst_firmwarer8500_firmwarer8500wndr3400_firmwarer8300_firmwarer7300dstwndr3400n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18768
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.44%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:36
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn3000rp_firmwarewn3000rpex6400_firmwareex6100_firmwareex7300ex7300_firmwareex6400ex6200ex6200_firmwareex6150ex6150_firmwareex6100n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18749
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.27%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:25
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700wnr2020r6220_firmwarejwnr2010r6100_firmwarewndr4300_firmwarer7500_firmwarewnr1000_firmwarer6050r6220wndr4500r6100r9000_firmwarewndr3700_firmwarewnr1000wndr4500_firmwarewnr2000_firmwarer9000r7500r6050_firmwarer7800wnr2050jr6150jr6150_firmwarewnr2000wnr2050_firmwarewndr4300jnr1010r7800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-20045
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 06:50
Updated-15 Apr, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Navetti PricePoint cross-site request forgery

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-vendavoNavetti
Product-pricepointPricePoint
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-4750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 40.05%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.

Action-Not Available
Vendor-blogcmsn/a
Product-blog\n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.45%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 15:08
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.

Action-Not Available
Vendor-eelv_newsletter_projectn/a
Product-eelv_newslettern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.55%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 15:36
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.

Action-Not Available
Vendor-n/aWPDeveloper
Product-twitter_cards_metan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18547
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 20:14
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.

Action-Not Available
Vendor-neliosoftwaren/a
Product-nelio_ab_testingn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 20:16
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.

Action-Not Available
Vendor-jayj_quicktag_projectn/a
Product-jayj_quicktagn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-28 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.

Action-Not Available
Vendor-single_theater_booking_script_projectn/a
Product-single_theater_booking_scriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17894
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.20%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Readymade Job Site Script has CSRF via the /job URI.

Action-Not Available
Vendor-basic_job_site_script_projectn/a
Product-basic_job_site_scriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.

Action-Not Available
Vendor-responsive_realestate_script_projectn/a
Product-responsive_realestate_scriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17552
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.65%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 17:00
Updated-24 Oct, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.68%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.

Action-Not Available
Vendor-n/aPiwigo
Product-piwigon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17835
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.07%
||
7 Day CHG~0.00%
Published-23 Jan, 2019 | 17:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-4032
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.39%
||
7 Day CHG~0.00%
Published-01 Nov, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_control_performance_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.22% / 88.53%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 19:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.

Action-Not Available
Vendor-sourcetreesolutionsn/a
Product-mojoportaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3305
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.57%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 21:09
Updated-07 Aug, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.

Action-Not Available
Vendor-pixelpostpixelpost
Product-pixelpostpixelpost
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.51%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php.

Action-Not Available
Vendor-santafoxn/a
Product-santafoxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18080
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.21%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-bambooBamboo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-08 Oct, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17056
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-04 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software.

Action-Not Available
Vendor-n/aZKTeco Co., Ltd.
Product-zktime_webn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.20%
||
7 Day CHG~0.00%
Published-30 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.

Action-Not Available
Vendor-iwcnetworkn/a
Product-biometric_shift_employee_management_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4938
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17905
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.20%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.

Action-Not Available
Vendor-car_rental_script_projectn/a
Product-car_rental_scriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1769
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 14:00
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.

Action-Not Available
Vendor-IBM Corporation
Product-business_process_managerBusiness Process Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1746
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.50%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_for_service_managementTivoli Components
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-28 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vanguard Marketplace Digital Products PHP has CSRF via /search.

Action-Not Available
Vendor-vanguard_projectn/a
Product-marketplace_digital_products_phpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20804
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.34%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 21:51
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.

Action-Not Available
Vendor-gilacmsn/a
Product-gila_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-25064
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 22.92%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 13:10
Updated-15 Apr, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CoreHR Core Portal cross-site request forgery

A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-theaccessgroupCoreHR
Product-corehr_core_portalCore Portal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3989
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.27%
||
7 Day CHG~0.00%
Published-28 Oct, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_control_virtual_machine_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-16565
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.79%
||
7 Day CHG~0.00%
Published-06 Nov, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.

Action-Not Available
Vendor-grandstreamn/a
Product-ht802_firmwareht802n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-4106
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.83%
||
7 Day CHG~0.00%
Published-01 Nov, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_control_for_linuxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 48
  • 49
  • Next
Details not found