Vulnerability Details :

CVE-2012-1237

Summary
Assigner: jpcert
Assigner Org ID: ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At: 06 Apr, 2012 | 18:00
Updated At: 06 Aug, 2024 | 18:53

Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: n/a
Product: n/a
Versions affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://oss.icz.co.jp/news/?p=501
Resource: x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/52900
Resource: vdb-entry, x_refsource_BID
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000029
Resource: third-party-advisory, x_refsource_JVNDB
Hyperlink: http://jvn.jp/en/jp/JVN44913777/index.html
Resource: third-party-advisory, x_refsource_JVN
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://oss.icz.co.jp/news/?p=501
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://www.securityfocus.com/bid/52900
Resource: vdb-entry, x_refsource_BID, x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000029
Resource: third-party-advisory, x_refsource_JVNDB, x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN44913777/index.html
Resource: third-party-advisory, x_refsource_JVN, x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: vultures@jpcert.or.jp
Published At: 06 Apr, 2012 | 18:55
Updated At: 11 Apr, 2025 | 00:51
CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
icz >> sencha_sns >> Versions up to 1.0.1 (inclusive)
cpe:2.3:a:icz:sencha_sns:*:*:*:*:*:*:*:*
icz >> sencha_sns >> 1.0.0
cpe:2.3:a:icz:sencha_sns:1.0.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://jvn.jp/en/jp/JVN44913777/index.html
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000029
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://oss.icz.co.jp/news/?p=501
Source: vultures@jpcert.or.jp
Resource: Patch
Hyperlink: http://www.securityfocus.com/bid/52900
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvn.jp/en/jp/JVN44913777/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000029
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://oss.icz.co.jp/news/?p=501
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: http://www.securityfocus.com/bid/52900
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Similar CVEs

2433 records found

CVE-2020-23342
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-9.21% / 92.55%
7 Day CHG~0.00%
Published-19 Jan, 2021 | 13:35
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.

Action-Not Available
Vendor-anchorcms; n/a
Product-anchor_cms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-3836
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-6.8 | MEDIUM
EPSS-0.24% / 47.36%
7 Day CHG~0.00%
Published-24 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors.

Action-Not Available
Vendor-wuzly; n/a
Product-wuzly; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2334
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8 | MEDIUM
EPSS-0.13% / 32.02%
7 Day CHG~0.00%
Published-18 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/a; MyBB
Product-mybb; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2009
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8 | HIGH
EPSS-0.11% / 29.67%
7 Day CHG~0.00%
Published-29 Mar, 2018 | 18:00
Updated-06 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.

Action-Not Available
Vendor-n/a; IBM Corporation
Product-qradar_security_information_and_event_manager; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8979
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.36% / 57.45%
7 Day CHG~0.00%
Published-25 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.

Action-Not Available
Vendor-open-audit; n/a
Product-open-audit; n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-4498
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8 | MEDIUM
EPSS-0.08% / 23.89%
7 Day CHG~0.00%
Published-21 Nov, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices.

Action-Not Available
Vendor-zenprise; n/a
Product-zenprise_device_manager; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-9134
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.30% / 52.92%
7 Day CHG~0.00%
Published-30 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.

Action-Not Available
Vendor-n/a; DedeCMS
Product-dedecms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-7852
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.89% / 75.09%
7 Day CHG-0.12%
Published-24 Apr, 2017 | 10:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.

Action-Not Available
Vendor-n/a; D-Link Corporation
Product-dcs-5000l; dcs-2530l; dcs-2230l_firmware; dcs-5025l_firmware; dcs-942l_firmware; dcs-2132l_firmware; dcs-2136l; dcs-5025l; dcs-934l_firmware; dcs-6010l; dcs-2310l_firmware; dcs-5030l_firmware; dcs-931l; dcs-933l_firmware; dcs-933l; dcs-6212l_firmware; dcs-5010l; dcs-7010l; dcs-2132l; dcs-934l; dcs-5020l_firmware; dcs-6212l; dcs-5020l; dcs-5010l_firmware; dcs-2136l_firmware; dcs-5009l_firmware; dcs-5029l_firmware; dcs-2330l_firmware; dcs-2330l; dcs-2530l_firmware; dcs-5222l; dcs-5009l; dcs-2210l_firmware; dcs-2332l_firmware; dcs-7000l; dcs-7010l_firmware; dcs-7000l_firmware; dcs-2230l; dcs-930l_firmware; dcs-931l_firmware; dcs-5222l_firmware; dcs-932l_firmware; dcs-930l; dcs-5000l_firmware; dcs-6010l_firmware; dcs-5030l; dcs-2310l; dcs-2332l; dcs-942l; dcs-2210l; dcs-932l; dcs-5029l; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22479
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5 | MEDIUM
EPSS-0.09% / 25.38%
7 Day CHG~0.00%
Published-10 Jun, 2022 | 16:00
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887.

Action-Not Available
Vendor-IBM Corporation; Linux Kernel Organization, Inc
Product-spectrum_copy_data_management; linux_kernel; Spectrum Copy Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22808
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8 | HIGH
EPSS-0.13% / 32.53%
7 Day CHG~0.00%
Published-09 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

Action-Not Available
Vendor-n/a
Product-hmibscea53d1edb_firmware; hmibscea53d1eml; hmibscea53d1edb; hmibscea53d1edm; hmibscea53d1edm_firmware; hmibscea53d1esm_firmware; hmibscea53d1edl; hmibscea53d1ess_firmware; hmibscea53d1eds_firmware; hmibscea53d1edl_firmware; hmibscea53d1eml_firmware; hmibscea53d1ess; hmibscea53d1esm; hmibscea53d1eds; EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-3293
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8 | MEDIUM
EPSS-0.13% / 32.02%
7 Day CHG~0.00%
Published-02 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.

Action-Not Available
Vendor-n/a; Cisco Systems, Inc.
Product-secure_access_control_server; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8908
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.24% / 46.29%
7 Day CHG~0.00%
Published-31 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.

Action-Not Available
Vendor-frog_cms_project; n/a
Product-frog_cms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-9856
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.13% / 33.13%
7 Day CHG~0.00%
Published-09 Apr, 2018 | 07:00
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.

Action-Not Available
Vendor-kotti_project; n/a
Product-kotti; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22778
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-8.8 | HIGH
EPSS-0.21% / 43.41%
7 Day CHG~0.00%
Published-18 May, 2022 | 17:00
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-businessconnect_trading_community_management; TIBCO BusinessConnect Trading Community Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-24984
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.34% / 56.27%
7 Day CHG~0.00%
Published-11 Mar, 2021 | 21:11
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.

Action-Not Available
Vendor-quadbase; n/a
Product-espressreports_es; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-0235
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8 | HIGH
EPSS-11.12% / 93.31%
7 Day CHG~0.00%
Published-30 Apr, 2020 | 19:22
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbiz; Apache OFBiz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-2522
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8 | MEDIUM
EPSS-19.24% / 95.23%
7 Day CHG~0.00%
Published-29 Jul, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

Action-Not Available
Vendor-n/a; Canonical Ltd.; Debian GNU/Linux; Samba
Product-ubuntu_linux; samba; debian_linux; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-27885
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.34% / 56.59%
7 Day CHG~0.00%
Published-02 Mar, 2021 | 18:15
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

Action-Not Available
Vendor-e107; n/a
Product-e107; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-19555
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.14% / 34.24%
7 Day CHG~0.00%
Published-26 Nov, 2018 | 07:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.

Action-Not Available
Vendor-tp4a; n/a
Product-teleport; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-25931
Matching Score-4
Assigner-Mend
CVSS Score-8.8 | HIGH
EPSS-0.22% / 44.26%
7 Day CHG~0.00%
Published-20 May, 2021 | 14:54
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. This flaw allows assigning `ROLE_ADMIN` security role to a normal user. Using this flaw, an attacker can trick the admin user to assign administrator privileges to a normal user by enticing him to click upon an attacker-controlled website.

Action-Not Available
Vendor-opennms; n/a
Product-horizon; meridian; OpenNMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-9926
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.31% / 54.11%
7 Day CHG~0.00%
Published-10 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.

Action-Not Available
Vendor-wuzhicms; n/a
Product-wuzhicms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18420
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.13% / 33.18%
7 Day CHG~0.00%
Published-19 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.

Action-Not Available
Vendor-tribalsystems; n/a
Product-zenario; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-17792
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.20% / 41.73%
7 Day CHG~0.00%
Published-19 Jul, 2019 | 16:47
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MDaemon Webmail (formerly WorldClient) has CSRF.

Action-Not Available
Vendor-altn; n/a
Product-mdaemon_webmail; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-0229
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8 | HIGH
EPSS-0.39% / 59.77%
7 Day CHG~0.00%
Published-10 Apr, 2019 | 19:51
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.

Action-Not Available
Vendor-n/a; The Apache Software Foundation
Product-airflow; Apache Airflow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-0267
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8 | HIGH
EPSS-0.19% / 40.69%
7 Day CHG~0.00%
Published-15 Feb, 2019 | 18:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.

Action-Not Available
Vendor-SAP SE
Product-manufacturing_integration_and_intelligence; SAP Manufacturing Integration and Intelligence
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23837
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.34% / 56.26%
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:53
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.

Action-Not Available
Vendor-multi_user_project; n/a
Product-multi_user; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-9923
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.14% / 33.75%
7 Day CHG~0.00%
Published-10 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.

Action-Not Available
Vendor-icmsdev; n/a
Product-icms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-1432
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8 | MEDIUM
EPSS-0.51% / 65.87%
7 Day CHG~0.00%
Published-10 Feb, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.

Action-Not Available
Vendor-phpbb; n/a
Product-phpbb; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-24033
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-1.21% / 78.67%
7 Day CHG~0.00%
Published-22 Oct, 2020 | 13:53
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges.

Action-Not Available
Vendor-fs; n/a
Product-s3900_24t4s_firmware; s3900_24t4s; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6655
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8 | MEDIUM
EPSS-0.22% / 44.26%
7 Day CHG~0.00%
Published-31 Aug, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.

Action-Not Available
Vendor-pligg; n/a
Product-pligg_cms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-29735
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 | HIGH
EPSS-0.62% / 69.69%
7 Day CHG~0.00%
Published-27 May, 2022 | 12:56
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.

Action-Not Available
Vendor-deltacontrols; n/a
Product-entelitouch_firmware; entelitouch; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25212
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8 | HIGH
EPSS-0.07% / 21.22%
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-swamp; Jenkins SWAMP Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8925
Matching Score-4
Assigner-Synology Inc.
CVSS Score-8.8 | HIGH
EPSS-0.14% / 33.78%
7 Day CHG~0.00%
Published-08 Jun, 2018 | 13:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_station; Photo Station
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6523
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 33.58%
7 Day CHG~0.00%
Published-19 Aug, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.

Action-Not Available
Vendor-portfolio_project; n/a
Product-portfolio; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8972
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.40%
7 Day CHG~0.00%
Published-24 Mar, 2018 | 22:00
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.

Action-Not Available
Vendor-creditwestbank; n/a
Product-cwcms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-2773
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 42.00%
7 Day CHG~0.00%
Published-15 Nov, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.

Action-Not Available
Vendor-n/a; Mahara
Product-mahara; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-1485
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 36.53%
7 Day CHG~0.00%
Published-28 Jun, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators.

Action-Not Available
Vendor-n/a; Symantec Corporation
Product-data_loss_prevention; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15186
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.92%
7 Day CHG~0.00%
Published-10 Aug, 2018 | 15:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php.

Action-Not Available
Vendor-chartered_accountant_\; n/a
Product-_auditor_website_project; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6965
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.69%
7 Day CHG~0.00%
Published-16 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php.

Action-Not Available
Vendor-creative-solutions; n/a
Product-contact_form_generator; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6545
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.10% / 89.61%
7 Day CHG~0.00%
Published-03 Sep, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.

Action-Not Available
Vendor-webgroupmedia; n/a
Product-cerb; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6304
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 28.97%
7 Day CHG~0.00%
Published-24 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.

Action-Not Available
Vendor-n/a; Cisco Systems, Inc.
Product-telepresence_server_software; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25600
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 33.62%
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).

Action-Not Available
Vendor-weplugins; Flippercode; Fedora Project
Product-fedora; wp_maps; WP Google Map Plugin (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7634
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.10%
7 Day CHG~0.00%
Published-01 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.

Action-Not Available
Vendor-n/a; Enalean SAS
Product-tuleap; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8717
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.15%
7 Day CHG~0.00%
Published-14 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request.

Action-Not Available
Vendor-joyplus-cms_project; n/a
Product-joyplus-cms; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5338
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.77%
7 Day CHG~0.00%
Published-22 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.

Action-Not Available
Vendor-n/a; Moodle Pty Ltd
Product-moodle; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8844
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.48%
7 Day CHG~0.00%
Published-26 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Action-Not Available
Vendor-Philips
Product-e-alert_firmware; e-Alert Unit (non-medical device)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-1581
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 26.61%
7 Day CHG~0.00%
Published-11 Feb, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php.

Action-Not Available
Vendor-mobile_domain_project; n/a
Product-mobile_domain; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20687
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.41%
7 Day CHG~0.00%
Published-07 Apr, 2021 | 07:15
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-daifukuya; daifukuya.com
Product-kagemai; Kagemai
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14575
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.80% / 85.83%
7 Day CHG~0.00%
Published-17 Mar, 2019 | 21:19
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.

Action-Not Available
Vendor-n/a; MyBB
Product-trash_bin; n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5397
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.67%
7 Day CHG~0.00%
Published-14 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.

Action-Not Available
Vendor-n/a; Joomla!
Product-joomla\!; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)