Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-1158

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-03 Mar, 2016 | 22:00
Updated At-05 Aug, 2024 | 22:48
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:03 Mar, 2016 | 22:00
Updated At:05 Aug, 2024 | 22:48
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032
third-party-advisory
x_refsource_JVNDB
http://jvn.jp/en/jp/JVN59349382/index.html
third-party-advisory
x_refsource_JVN
http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm
x_refsource_CONFIRM
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032
Resource:
third-party-advisory
x_refsource_JVNDB
Hyperlink: http://jvn.jp/en/jp/JVN59349382/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032
third-party-advisory
x_refsource_JVNDB
x_transferred
http://jvn.jp/en/jp/JVN59349382/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm
x_refsource_CONFIRM
x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN59349382/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:03 Mar, 2016 | 22:59
Updated At:12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.05.1MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.1
Base severity: MEDIUM
Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CPE Matches

corega
corega
>>cg-wlbargmh>>-
cpe:2.3:h:corega:cg-wlbargmh:-:*:*:*:*:*:*:*
corega
corega
>>cg-wlbargmh_firmware>>-
cpe:2.3:o:corega:cg-wlbargmh_firmware:-:*:*:*:*:*:*:*
corega
corega
>>cg-wlbargnl>>-
cpe:2.3:h:corega:cg-wlbargnl:-:*:*:*:*:*:*:*
corega
corega
>>cg-wlbargnl_firmware>>-
cpe:2.3:o:corega:cg-wlbargnl_firmware:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htmvultures@jpcert.or.jp
Vendor Advisory
http://jvn.jp/en/jp/JVN59349382/index.htmlvultures@jpcert.or.jp
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032vultures@jpcert.or.jp
Vendor Advisory
http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htmaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://jvn.jp/en/jp/JVN59349382/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN59349382/index.html
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN59349382/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

907Records found

CVE-2018-17826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.94%
||
7 Day CHG~0.00%
Published-01 Oct, 2018 | 08:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico).

Action-Not Available
Vendor-hisiphpn/a
Product-hisiphpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-17584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.35%
||
7 Day CHG~0.00%
Published-15 Apr, 2019 | 19:41
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

Action-Not Available
Vendor-wpfastestcachen/a
Product-wp_fastest_cachen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-15 Oct, 2018 | 04:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.

Action-Not Available
Vendor-emlogn/a
Product-emlogn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.88%
||
7 Day CHG~0.00%
Published-08 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

Action-Not Available
Vendor-chshcmsn/a
Product-cscmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

Action-Not Available
Vendor-n/aRicoh Company, Ltd.
Product-mp_c4504exmp_c4504ex_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.46%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 05:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpMyFAQ before 2.9.11 allows CSRF.

Action-Not Available
Vendor-n/aThorsten Rinne (phpMyFAQ)
Product-phpmyfaqn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1622
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.83%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerSecurity Privileged Identity Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16218
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.77% / 72.46%
||
7 Day CHG~0.00%
Published-29 May, 2019 | 17:56
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.

Action-Not Available
Vendor-n/aYealink Network Technology Co., Ltd
Product-ultra-elegant_ip_phone_sip-t41pultra-elegant_ip_phone_sip-t41p_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.98%
||
7 Day CHG~0.00%
Published-03 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-01 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

Action-Not Available
Vendor-icmsdevn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 03:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10338
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-11 Jun, 2019 | 13:15
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.

Action-Not Available
Vendor-Jenkins
Product-jx_resourcesJenkins JX Resources Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.69%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1.

Action-Not Available
Vendor-fledrcms_projectn/a
Product-fledrcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.01%
||
7 Day CHG~0.00%
Published-05 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.

Action-Not Available
Vendor-btiteamn/a
Product-xbtitn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-9787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-85.69% / 99.33%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16136
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 20:16
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim.

Action-Not Available
Vendor-ipbrickn/a
Product-ipbrick_osn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.84% / 73.72%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 20:35
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

Action-Not Available
Vendor-n/aHP Inc.
Product-color_laserjet_4730_mfplaserjet_2200dtncolor_mfp_cm8060laserjet_4_plus\/m_pluslaserjet_1010laserjet_5llaserjet_4v\/mvcolor_laserjet_5500laserjet_9050mfpcolor_laserjet_4650laserjet_8100laserjet_2420laserjet_4000laserjet_4200dtndigital_senderslaserjet_1000laserjet_1320color_laserjet_8500color_laserjet_2605dtnlaserjet_4350dtnlaserjet_8150dn9200c_digital_senderlaserjet_1018slaserjet_25009250c_digital_sendercolor_laserjet_4600hdnlaserjet_p4010color_laserjet_4600dnlaserjet_1160laserjet_8000color_laserjet_1500color_laserjet_2500llaserjet_4m_pluslaserjet_p1005laserjet_m5025_mfplaserjet_2100color_mfp_cm8050laserjet_1005laserjet_2300laserjet_4240nlaserjet_p1500laserjet_1022nwcolor_laserjet_2500ncolor_laserjet_4700laserjet_p4510laserjet_5200laserjet_9000_mfplaserjet_iiiplaserjet_p2015laserjet_2430color_laserjet_2500color_laserjet_2500tnlaserjet_m1522n_mfp8100c_digital_senderlaserjet_5100dtnlaserjet_9000laserjet_9050laserjet_iiidlaserjet_p4500laserjet_5laserjet_4100mfplaserjet_9000mfplaserjet_1100laserjet_4300laserjet_9065laserjet_1020color_laserjet_2500lsecolor_laserjet_4600laserjet_5silaserjet_p2010laserjet_p2000laserjet_4100_mfplaserjet_iidlaserjet_1022laserjet_2500claserjet_2600claserjet_4345mfplaserjet_2000laserjet_500_pluslaserjet_9040mfplaserjet_9040color_laserjet_8550laserjet_9055laserjet_2400laserjet_9500mfplaserjet_p2030laserjet_p1000laserjet_4\/4mlaserjet_iip_pluslaserjet_m3027_mfpcolor_laserjet_5550laserjet_iiplaserjet_4250laserjet_m5035_mfplaserjet_1012laserjet_2600nlaserjet_5100laserjet_iilaserjet_iiilaserjet_p4015laserjet_4650dnlaserjet_5mlaserjet_2laserjet_p1009laserjet_4000nlaserjet_8150laserjet_2200color_laserjet_9500_mfplaserjet_9050_mfp9100c_digital_senderlaserjet_1150laserjet_1015laserjet_4345_mfplaserjet_5000laserjet_4l\/mllaserjet_p1006laserjet_p1505nlaserjet_4050laserjet_m3035_mfplaserjet_p1008laserjet_5\/m\/nlaserjet_4silaserjet_4100laserjet_4p\/mplaserjet_p1505color_laserjet_4370mfplaserjet_4laserjet_1018laserjet_9500laserjet_p1007laserjet_p3000laserjet_1022nlaserjet_2410laserjet_3700laserjet_p2050color_laserjet_9500mfplaserjet_2300dnlaserjet_m4345_mfplaserjet_3000color_laserjetlaserjet_1020_pluscolor_laserjet_4600dtnlaserjet_5p\/mplaserjet_p3005laserjet_1200laserjet_p4014laserjet_4200lnlaserjet_4350laserjet_4200color_laserjet_9500laserjet_4240laserjet_iiisilaserjet_1300edgeline_printersn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15851
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.14%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add.

Action-Not Available
Vendor-flexocms_projectn/a
Product-flexo_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.00% / 76.11%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.

Action-Not Available
Vendor-yfcmfn/a
Product-yfcmfn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16447
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.87%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 04:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.

Action-Not Available
Vendor-frogcms_projectn/a
Product-frogcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15850
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.77%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.

Action-Not Available
Vendor-redaxon/a
Product-redaxo_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.56%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 18:54
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Contao 4.7 allows CSRF.

Action-Not Available
Vendor-n/aContao Association
Product-contao_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 04:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

Action-Not Available
Vendor-chshcmsn/a
Product-cscmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003016
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.85%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 16:00
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-job_importJenkins Job Import Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.14%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.

Action-Not Available
Vendor-portfoliocms_projectn/a
Product-portfoliocmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.87%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.

Action-Not Available
Vendor-easycmsn/a
Product-easycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1661
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.85%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 14:00
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateways
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2274
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 39.16%
||
7 Day CHG~0.00%
Published-19 Mar, 2018 | 21:00
Updated-06 Aug, 2024 | 10:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.

Action-Not Available
Vendor-subscribe_to_comments_reloaded_projectn/a
Product-subscribe_to_comments_reloadedn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6022
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 16:07
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in prefecthq/prefect

Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5.

Action-Not Available
Vendor-prefectprefecthq
Product-prefectprefecthq/prefect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.73%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

Action-Not Available
Vendor-damicmsn/a
Product-damicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.01%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.

Action-Not Available
Vendor-gleezcmsn/a
Product-gleez_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2009
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-29 Mar, 2018 | 18:00
Updated-06 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16339
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.

Action-Not Available
Vendor-phomen/a
Product-empirecmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.88%
||
7 Day CHG~0.00%
Published-20 Aug, 2018 | 01:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.

Action-Not Available
Vendor-simple-cms_projectn/a
Product-simple_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.23%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 15:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.

Action-Not Available
Vendor-q-cmsn/a
Product-qcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-24 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.

Action-Not Available
Vendor-xyhcmsn/a
Product-xyhcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-08 Aug, 2018 | 03:00
Updated-17 Sep, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.

Action-Not Available
Vendor-onethinkn/a
Product-onethinkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.34%
||
7 Day CHG~0.00%
Published-08 Aug, 2018 | 02:00
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.

Action-Not Available
Vendor-gogsn/a
Product-gogsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15565
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.64%
||
7 Day CHG~0.00%
Published-20 Aug, 2018 | 01:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.

Action-Not Available
Vendor-simple-cms_projectn/a
Product-simple_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14892
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.81% / 82.10%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 21:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-nsa325_v2nsa325_v2_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-08 Aug, 2018 | 03:00
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.

Action-Not Available
Vendor-onethinkn/a
Product-onethinkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1514
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.26%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 14:00
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_with_automation_anywhereRobotic Process Automation with Automation Anywhere
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1442
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.12%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598.

Action-Not Available
Vendor-IBM Corporation
Product-monitoringMonitoring
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-03 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.

Action-Not Available
Vendor-n/aSamsung
Product-syncthru_web_servicen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 15:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF.

Action-Not Available
Vendor-emlsoft_projectn/a
Product-emlsoftn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14575
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.66% / 87.42%
||
7 Day CHG-0.66%
Published-17 Mar, 2019 | 21:19
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.

Action-Not Available
Vendor-n/aMyBB
Product-trash_binn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.92%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found