Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-2805

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Jun, 2015 | 16:00
Updated At-06 Aug, 2024 | 05:24
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Jun, 2015 | 16:00
Updated At:06 Aug, 2024 | 05:24
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/535732/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
x_refsource_MISC
http://www.securitytracker.com/id/1032544
vdb-entry
x_refsource_SECTRACK
http://seclists.org/fulldisclosure/2015/Jun/23
mailing-list
x_refsource_FULLDISC
http://www.securityfocus.com/bid/75121
vdb-entry
x_refsource_BID
https://www.exploit-db.com/exploits/37261/
exploit
x_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/535732/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id/1032544
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://seclists.org/fulldisclosure/2015/Jun/23
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.securityfocus.com/bid/75121
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.exploit-db.com/exploits/37261/
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/535732/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id/1032544
vdb-entry
x_refsource_SECTRACK
x_transferred
http://seclists.org/fulldisclosure/2015/Jun/23
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.securityfocus.com/bid/75121
vdb-entry
x_refsource_BID
x_transferred
https://www.exploit-db.com/exploits/37261/
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/535732/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032544
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2015/Jun/23
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75121
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/37261/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Jun, 2015 | 16:59
Updated At:06 May, 2026 | 22:30

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 6.4.5.r02(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 6.4.6.r01(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 6.6.4.r01(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 6.6.5.r02(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 7.3.2.r01(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 7.3.3.r01(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 7.3.4.r01(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_firmware>>Versions up to 8.1.1.r01(inclusive)
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_10k>>*
cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_6250>>*
cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_6400>>*
cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_6450>>*
cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_6850e>>*
cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_6855>>*
cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_6860>>*
cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_6900>>*
cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*
Alcatel-Lucent Enterprise (ALE International)
alcatel-lucent
>>omniswitch_9000e>>*
cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.htmlcve@mitre.org
Exploit
http://seclists.org/fulldisclosure/2015/Jun/23cve@mitre.org
Exploit
http://www.securityfocus.com/archive/1/535732/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/75121cve@mitre.org
N/A
http://www.securitytracker.com/id/1032544cve@mitre.org
N/A
https://www.exploit-db.com/exploits/37261/cve@mitre.org
Exploit
https://www.redteam-pentesting.de/advisories/rt-sa-2015-004cve@mitre.org
Exploit
http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://seclists.org/fulldisclosure/2015/Jun/23af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.securityfocus.com/archive/1/535732/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/75121af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1032544af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.exploit-db.com/exploits/37261/af854a3a-2127-422b-91ae-364da2661108
Exploit
https://www.redteam-pentesting.de/advisories/rt-sa-2015-004af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2015/Jun/23
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/535732/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75121
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032544
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/37261/
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2015/Jun/23
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/535732/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75121
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032544
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/37261/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

2431Records found
CVE-2015-4586
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.19%
||
7 Day CHG~0.00%
Published-23 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd.

Action-Not Available
Vendor-n/aAlcatel-Lucent Enterprise (ALE International)
Product-cellpipe_7130_rg_5ae.m2013_holcellpipe_7130_rg_5ae.m2013_hol_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 31.43%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors.

Action-Not Available
Vendor-decisions_projectn/a
Product-decisionsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6635
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.39%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4189
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 29.89%
||
7 Day CHG~0.00%
Published-23 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-data_center_analytics_frameworkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4530
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-20 Aug, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-documentum_administratordocumentum_digital_asset_managerdocumentum_webtopdocumentum_taskspacedocumentum_web_publishern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20693
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.07%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 21:34
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.

Action-Not Available
Vendor-gilacmsn/a
Product-gila_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 34.70%
||
7 Day CHG~0.00%
Published-20 Apr, 2010 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-ubercartn/aThe Drupal Association
Product-drupalubercartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-8437
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 38.87%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 22:00
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.

Action-Not Available
Vendor-njiandan-cms_projectn/a
Product-njiandan-cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-7273
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 72.18%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 20:05
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).

Action-Not Available
Vendor-optergyn/a
Product-protonenterprisen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.84% / 74.94%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.

Action-Not Available
Vendor-wftpservern/a
Product-wing_ftp_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-7566
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-07 Feb, 2019 | 07:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSZ CMS 1.1.8 has CSRF via admin/users/new/add.

Action-Not Available
Vendor-cszcmsn/a
Product-csz_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-7569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.85%
||
7 Day CHG~0.00%
Published-07 Feb, 2019 | 07:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.

Action-Not Available
Vendor-wdoyon/a
Product-doyon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4274
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_intelligence_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.93%
||
7 Day CHG~0.00%
Published-18 Jun, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.php.

Action-Not Available
Vendor-wp_smiley_projectn/a
Product-wp_smileyn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4297
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 61.13%
||
7 Day CHG~0.00%
Published-16 Dec, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4076
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.59%
||
7 Day CHG~0.00%
Published-25 Nov, 2009 | 21:22
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.

Action-Not Available
Vendor-n/aRoundcube Webmail Project
Product-webmailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback.

Action-Not Available
Vendor-cloudwordsn/a
Product-cloudwords_for_multilingualn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6557
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.18%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 20:00
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-rp-n12_firmwareea-n66rp-n53rp-n14_firmwarerp-n14rp-ac56rp-ac52_firmwareea-n66_firmwarerp-ac52rp-n53_firmwarerp-n12wmp-n12rp-ac56_firmwarewmp-n12_firmwareRP-AC52 Access Point
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4121
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 40.41%
||
7 Day CHG~0.00%
Published-01 Dec, 2009 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-opensolutionn/a
Product-quick.cms.litequick.cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-27 Apr, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.

Action-Not Available
Vendor-scriptezn/a
Product-mail_manager_pron/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.23%
||
7 Day CHG~0.00%
Published-05 May, 2021 | 21:50
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.

Action-Not Available
Vendor-chamilon/a
Product-chamilo_lmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3655
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 28.42%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-7346
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 38.85%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 19:00
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.

Action-Not Available
Vendor-zonemindern/a
Product-zonemindern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-7391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.85%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 19:33
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-dsl-491hnu-b1b_v2_firmwaredsl-491hnu-b1b_v2dsl-491hnu-b10bdsl-491hnu-b10b_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-22 Dec, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.

Action-Not Available
Vendor-scriptsezn/a
Product-ez_poll_hostern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 31.43%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.

Action-Not Available
Vendor-web-doradon/a
Product-spider_catalogn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 41.75%
||
7 Day CHG~0.00%
Published-24 Nov, 2009 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.

Action-Not Available
Vendor-paul_beaneyn/aThe Drupal Association
Product-drupalphplistn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 26.90%
||
7 Day CHG~0.00%
Published-27 Apr, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.

Action-Not Available
Vendor-scriptsezn/a
Product-mini_hosting_paneln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.32%
||
7 Day CHG~0.00%
Published-26 May, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

Action-Not Available
Vendor-plainblackn/a
Product-webguin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15014
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.85%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 12:13
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF.

Action-Not Available
Vendor-pramodn/a
Product-blogcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3950
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.8||MEDIUM
EPSS-0.07% / 20.15%
||
7 Day CHG~0.00%
Published-05 Jun, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.

Action-Not Available
Vendor-xzeresn/a
Product-442sr442sr_osn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4254
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 29.89%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_advanced_media_gatewayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4407
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.02%
||
7 Day CHG~0.00%
Published-23 Dec, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors.

Action-Not Available
Vendor-pyforumn/a
Product-pyforumn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-5920
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.95%
||
7 Day CHG~0.00%
Published-12 Mar, 2019 | 21:00
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

Action-Not Available
Vendor-ncraftsnCrafts
Product-formcraftFormCraft
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4252
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 28.41%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_isdn_gw_3241n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4878
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.28%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-basercmsbaserCMS Users Community
Product-basercmsbaserCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.53%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 13:15
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.

Action-Not Available
Vendor-spiceworksn/a
Product-spiceworksn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-6282
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 63.80%
||
7 Day CHG~0.00%
Published-19 Mar, 2019 | 20:02
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.

Action-Not Available
Vendor-chinamobileltdn/a
Product-gpn2.4p21-c-cngpn2.4p21-c-cn_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-6561
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.76%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.

Action-Not Available
Vendor-ICS-CERTMoxa Inc.
Product-eds-510aeds-408a_firmwareeds-408aeds-510a_firmwareiks-g6824aeds-405a_firmwareiks-g6824a_firmwareeds-405aMoxa IKS, EDS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-5971
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.05%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 13:20
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-sukimalabSUKIMALAB.COM
Product-attendance_managerAttendance Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-6030
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.46%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:16
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-custom_body_class_projectAndrei Lupu
Product-custom_body_classCustom Body Class
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0716
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 29.89%
||
7 Day CHG~0.00%
Published-07 May, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3656
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 28.95%
||
7 Day CHG~0.00%
Published-09 Oct, 2009 | 14:18
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.

Action-Not Available
Vendor-tim_nelsonn/aThe Drupal Association
Product-drupalshared_sign-onn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 38.83%
||
7 Day CHG~0.00%
Published-26 Oct, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-sjoerd_arendsenn/aThe Drupal Association
Product-drupalsimplenews_statisticsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-5963
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.26%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 13:20
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.
Product-salesiqZoho SalesIQ
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-5979
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.82%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 13:20
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-najeebmediaN-MEDIA
Product-personalized_woocommerce_cart_pagePersonalized WooCommerce Cart Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2878
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-0.33% / 56.19%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.

Action-Not Available
Vendor-n/aWatchGuard Technologies, Inc.
Product-hawkeye_gn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-5960
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.23%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 13:18
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-custom4webCustom4Web
Product-wp_open_graphWP Open Graph
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2816
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.15% / 84.44%
||
7 Day CHG~0.00%
Published-13 Nov, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCFedora Project
Product-iphone_ossafarifedorachromeopensusen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 19.59%
||
7 Day CHG~0.00%
Published-14 Aug, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_control_suite_for_linuxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 48
  • 49
  • Next
Details not found