Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-8018

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-14 Mar, 2017 | 22:00
Updated At-06 Aug, 2024 | 02:13
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:14 Mar, 2017 | 22:00
Updated At:06 Aug, 2024 | 02:13
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.

Affected Products
Vendor
Intel CorporationIntel
Product
VirusScan Enterprise Linux (VSEL)
Versions
Affected
  • 2.0.3 (and earlier)
Problem Types
TypeCWE IDDescription
textN/ACross-site request forgery (CSRF) vulnerability
Type: text
CWE ID: N/A
Description: Cross-site request forgery (CSRF) vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/94823
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1037433
vdb-entry
x_refsource_SECTRACK
https://kc.mcafee.com/corporate/index?page=content&id=SB10181
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/40911/
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/94823
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1037433
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10181
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.exploit-db.com/exploits/40911/
Resource:
exploit
x_refsource_EXPLOIT-DB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/94823
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1037433
vdb-entry
x_refsource_SECTRACK
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10181
x_refsource_CONFIRM
x_transferred
https://www.exploit-db.com/exploits/40911/
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/94823
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1037433
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10181
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/40911/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:14 Mar, 2017 | 22:59
Updated At:13 May, 2026 | 00:24

Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 6.0
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches

McAfee, LLC
mcafee
>>virusscan_enterprise>>Versions up to 2.0.3(inclusive)
cpe:2.3:a:mcafee:virusscan_enterprise:*:*:*:*:*:linux:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/94823secure@intel.com
N/A
http://www.securitytracker.com/id/1037433secure@intel.com
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10181secure@intel.com
Vendor Advisory
https://www.exploit-db.com/exploits/40911/secure@intel.com
N/A
http://www.securityfocus.com/bid/94823af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1037433af854a3a-2127-422b-91ae-364da2661108
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10181af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.exploit-db.com/exploits/40911/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securityfocus.com/bid/94823
Source: secure@intel.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037433
Source: secure@intel.com
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10181
Source: secure@intel.com
Resource:
Vendor Advisory
Hyperlink: https://www.exploit-db.com/exploits/40911/
Source: secure@intel.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/94823
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037433
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10181
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.exploit-db.com/exploits/40911/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

139Records found

CVE-2021-31845
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-8.4||HIGH
EPSS-1.08% / 61.10%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 13:45
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in McAfee DLP Discover

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Action-Not Available
Vendor-McAfee, LLC
Product-data_loss_prevention_discoverMcAfee Data Loss Prevention (DLP) Discover
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-1258
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-8.4||HIGH
EPSS-0.94% / 56.46%
||
7 Day CHG+0.03%
Published-14 Apr, 2022 | 13:50
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in McAfee Agent's ePO extension

A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent ePO extension
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-4014
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8||HIGH
EPSS-0.86% / 54.08%
||
7 Day CHG~0.00%
Published-17 May, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.

Action-Not Available
Vendor-McAfee, LLC
Product-network_data_loss_preventionNetwork Data Loss Prevention (NDLP)
CWE ID-CWE-384
Session Fixation
CVE-2016-8025
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.2||MEDIUM
EPSS-6.55% / 92.98%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.

Action-Not Available
Vendor-McAfee, LLCIntel Corporation
Product-virusscan_enterpriseVirusScan Enterprise Linux (VSEL)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-8020
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8||HIGH
EPSS-11.10% / 95.39%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.

Action-Not Available
Vendor-McAfee, LLCIntel Corporation
Product-virusscan_enterpriseVirusScan Enterprise Linux (VSEL)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-3646
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-6.9||MEDIUM
EPSS-1.48% / 70.75%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 13:05
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection - Free Antivirus Trial
CWE ID-CWE-714
Not Available
CWE ID-CWE-426
Untrusted Search Path
CVE-2014-1473
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 48.44%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-vulnerability_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-5444
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-8||HIGH
EPSS-0.35% / 27.08%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 09:47
Updated-02 Dec, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF in ePO leading to privilege escalation

A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

Action-Not Available
Vendor-Musarubra US LLC (Trellix)McAfee, LLC
Product-epolicy_orchestratorePolicy Orchestrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-3965
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-8.8||HIGH
EPSS-0.55% / 41.89%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability

Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.

Action-Not Available
Vendor-McAfee, LLC
Product-network_security_managerNetwork Security Management (NSM)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2199
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.55% / 41.95%
||
7 Day CHG~0.00%
Published-01 Feb, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-vulnerability_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-7612
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.82% / 52.89%
||
7 Day CHG~0.00%
Published-01 Oct, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-vulnerability_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2759
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.82% / 52.89%
||
7 Day CHG~0.00%
Published-27 Mar, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-data_loss_prevention_endpointn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2390
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.71% / 48.94%
||
7 Day CHG~0.00%
Published-29 Aug, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-network_security_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-8523
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.58% / 43.28%
||
7 Day CHG~0.00%
Published-29 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-network_data_loss_preventionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-8521
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.39% / 31.01%
||
7 Day CHG~0.00%
Published-29 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-network_data_loss_preventionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-1257
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.84% / 53.25%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:57
Updated-23 Jul, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco DNA Center Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.

Action-Not Available
Vendor-Cisco Systems, Inc.Microsoft CorporationApple Inc.Linux Kernel Organization, IncMcAfee, LLC
Product-linux_kernelwindowsagentmacoscatalyst_centerCisco Digital Network Architecture Center (DNA Center)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7336
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-6.6||MEDIUM
EPSS-0.52% / 40.52%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 23:10
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Network Security Management (NSM) - Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.

Action-Not Available
Vendor-McAfee, LLC
Product-network_security_managementNetwork Security Management (NSM)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7304
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-7.6||HIGH
EPSS-0.49% / 38.43%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 03:00
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLP ePO extension - Cross-site request forgery

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

Action-Not Available
Vendor-McAfee, LLC
Product-data_loss_preventionDLP ePO extension
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7332
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-7||HIGH
EPSS-0.58% / 43.53%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 09:45
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS)

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

Action-Not Available
Vendor-McAfee, LLC
Product-endpoint_securityEndpoint Security for Windows
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-3604
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.61%
||
7 Day CHG~0.00%
Published-01 Feb, 2019 | 16:00
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ePolicy Orchestrator Cloud update fixes multiple Cross-Site Request Forgery vulnerabilities

Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.

Action-Not Available
Vendor-McAfee, LLC
Product-epolicy_orchestratorePolicy Orchestrator Cloud
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0961
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.53% / 40.73%
||
7 Day CHG~0.00%
Published-08 Jun, 2014 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_identity_managersecurity_identity_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0944
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.73% / 49.61%
||
7 Day CHG~0.00%
Published-09 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-operational_decision_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4671
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-6||MEDIUM
EPSS-2.05% / 78.95%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayweb_gateway_appliance_8450web_gateway_appliance_8490n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3992
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.58% / 43.41%
||
7 Day CHG~0.00%
Published-05 Aug, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_biginsightsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23522
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.01% / 78.47%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 12:07
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.

Action-Not Available
Vendor-pixelimityn/a
Product-pixelimityn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-0489
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.47% / 37.62%
||
7 Day CHG~0.00%
Published-27 Mar, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1632
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.55% / 41.96%
||
7 Day CHG~0.00%
Published-20 Jun, 2019 | 02:55
Updated-21 Nov, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_computing_systemintegrated_management_controllerCisco Unified Computing System (Management Software)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-1058
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.92% / 56.07%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

Action-Not Available
Vendor-flysprayn/a
Product-flysprayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-1057
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.61% / 45.11%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."

Action-Not Available
Vendor-sean_robertsonn/aThe Drupal Association
Product-drupalforwardn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-1843
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-1.06% / 60.47%
||
7 Day CHG~0.00%
Published-22 Mar, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."

Action-Not Available
Vendor-quantumn/aDell Inc.
Product-powervault_ml6000_firmwarescalar_i500_firmwarepowervault_ml6030powervault_ml6000powervault_ml6010powervault_ml6020scalar_i500n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-0730
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.54% / 41.23%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_appscann/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-0829
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.71% / 48.98%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.

Action-Not Available
Vendor-mibewn/a
Product-mibew_messengern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34792
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8||HIGH
EPSS-0.47% / 37.29%
||
7 Day CHG+0.05%
Published-30 Jun, 2022 | 17:47
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.

Action-Not Available
Vendor-Jenkins
Product-recipeJenkins Recipe Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-2908
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-1.57% / 72.32%
||
7 Day CHG~0.00%
Published-23 Nov, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_soa_platformjboss_enterprise_brms_platformjboss_enterprise_portal_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-5084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.53% / 40.86%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.

Action-Not Available
Vendor-e107n/a
Product-e107n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27198
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8||HIGH
EPSS-0.49% / 38.61%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

Action-Not Available
Vendor-Jenkins
Product-cloudbees_aws_credentialsJenkins CloudBees AWS Credentials Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-15062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.61% / 45.10%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 22:54
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)

Action-Not Available
Vendor-n/aDolibarr ERP & CRM
Product-dolibarr_erp\/crmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-23904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.43% / 34.72%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 10:30
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.

Action-Not Available
Vendor-rainworxn/a
Product-auctionworxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1150
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-1.30% / 66.89%
||
7 Day CHG~0.00%
Published-20 Apr, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-0540
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6||MEDIUM
EPSS-1.27% / 66.39%
||
7 Day CHG~0.00%
Published-17 Jun, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.29% / 81.09%
||
7 Day CHG~0.00%
Published-22 Oct, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xencenterwebn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.68% / 47.80%
||
7 Day CHG~0.00%
Published-03 Feb, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators.

Action-Not Available
Vendor-oscommercen/a
Product-oscommercen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-6048
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.48% / 37.87%
||
7 Day CHG~0.00%
Published-04 Feb, 2009 | 15:10
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators.

Action-Not Available
Vendor-tangocmsn/a
Product-tangocmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-6331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.48% / 38.20%
||
7 Day CHG~0.00%
Published-27 Feb, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-streber-pmn/a
Product-strebern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-5941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.48% / 37.87%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.

Action-Not Available
Vendor-modxcmsn/a
Product-modxcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2007-5918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.78% / 51.56%
||
7 Day CHG~0.00%
Published-10 Nov, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.

Action-Not Available
Vendor-ms_topsitesn/a
Product-ms_topsitesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-20787
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.43% / 34.25%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 18:50
Updated-06 Nov, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerCisco Unified Communications Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-6.77% / 93.20%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Action-Not Available
Vendor-n/aJenkins
Product-mailern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.96% / 77.92%
||
7 Day CHG~0.00%
Published-12 Feb, 2018 | 03:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token.

Action-Not Available
Vendor-typesettercmsn/a
Product-typesettern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-2.91% / 85.30%
||
7 Day CHG-0.06%
Published-18 Feb, 2018 | 06:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.

Action-Not Available
Vendor-tejarin/a
Product-bravo_solutionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found