Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-1213

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-26 Mar, 2018 | 18:00
Updated At-16 Sep, 2024 | 22:52
Rejected At-
Credits

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:26 Mar, 2018 | 18:00
Updated At:16 Sep, 2024 | 22:52
Rejected At:
▼CVE Numbering Authority (CNA)

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

Affected Products
Vendor
Dell Inc.Dell EMC
Product
Isilon OneFS
Versions
Affected
  • versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2
Problem Types
TypeCWE IDDescription
textN/ACross-Site Request Forgery Vulnerability
Type: text
CWE ID: N/A
Description: Cross-Site Request Forgery Vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/103033
vdb-entry
x_refsource_BID
http://seclists.org/fulldisclosure/2018/Mar/50
mailing-list
x_refsource_FULLDISC
https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
x_refsource_MISC
https://www.exploit-db.com/exploits/44039/
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/103033
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://seclists.org/fulldisclosure/2018/Mar/50
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
Resource:
x_refsource_MISC
Hyperlink: https://www.exploit-db.com/exploits/44039/
Resource:
exploit
x_refsource_EXPLOIT-DB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/103033
vdb-entry
x_refsource_BID
x_transferred
http://seclists.org/fulldisclosure/2018/Mar/50
mailing-list
x_refsource_FULLDISC
x_transferred
https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
x_refsource_MISC
x_transferred
https://www.exploit-db.com/exploits/44039/
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/103033
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2018/Mar/50
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/44039/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:26 Mar, 2018 | 18:29
Updated At:19 Apr, 2018 | 14:58

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Dell Inc.
dell
>>emc_isilon_onefs>>Versions from 7.2.1.0(inclusive) to 7.2.1.6(inclusive)
cpe:2.3:a:dell:emc_isilon_onefs:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_isilon_onefs>>Versions from 8.0.0.0(inclusive) to 8.0.0.6(inclusive)
cpe:2.3:a:dell:emc_isilon_onefs:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_isilon_onefs>>Versions from 8.0.1.0(inclusive) to 8.0.1.2(inclusive)
cpe:2.3:a:dell:emc_isilon_onefs:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_isilon_onefs>>Versions from 8.1.0.0(inclusive) to 8.1.0.1(inclusive)
cpe:2.3:a:dell:emc_isilon_onefs:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_isilon_onefs>>7.1.1.11
cpe:2.3:a:dell:emc_isilon_onefs:7.1.1.11:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_isilon_onefs>>8.1.0.2
cpe:2.3:a:dell:emc_isilon_onefs:8.1.0.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2018/Mar/50security_alert@emc.com
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/103033security_alert@emc.com
Third Party Advisory
VDB Entry
https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilitiessecurity_alert@emc.com
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/44039/security_alert@emc.com
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2018/Mar/50
Source: security_alert@emc.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/103033
Source: security_alert@emc.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
Source: security_alert@emc.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/44039/
Source: security_alert@emc.com
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2467Records found

CVE-2014-0969
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 48.45%
||
7 Day CHG~0.00%
Published-17 Aug, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_master_data_management_server_for_product_information_managementinfosphere_master_data_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0621
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.04% / 59.90%
||
7 Day CHG~0.00%
Published-08 Jan, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200_firmwaretc7200n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0864
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.52% / 82.94%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document.

Action-Not Available
Vendor-n/aIBM Corporation
Product-algo_credit_limitsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-10008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.42% / 69.50%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.

Action-Not Available
Vendor-iwcnn/a
Product-stark_crmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0641
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 46.34%
||
7 Day CHG~0.00%
Published-20 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-rsa_archer_egrcn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-1211
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.29% / 66.75%
||
7 Day CHG~0.00%
Published-17 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcloud_directorn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0594
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-0.83% / 53.15%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 17:00
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF protection incorrectly disabled

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceOpen Build Service
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0197
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.68% / 48.04%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 12:48
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CFME: CSRF protection vulnerability via permissive check of the referrer header

Action-Not Available
Vendor-CFMERed Hat, Inc.
Product-cloudforms_management_enginecloudformsCFME
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0570
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-2.52% / 82.93%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0336
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 48.79%
||
7 Day CHG+0.01%
Published-06 Mar, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI.

Action-Not Available
Vendor-serenan/a
Product-dimensions_cmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.54% / 83.04%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.93% / 77.50%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortianalyzer-3000dfortianalyzer-300dfortianalyzer-4000bfortianalyzer-2000bfortianalyzer_firmwarefortianalyzer-1000dfortianalyzer-200dn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6976
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.65% / 88.25%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-epc3925n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-16658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.55% / 41.82%
||
7 Day CHG~0.00%
Published-21 Sep, 2019 | 17:02
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.

Action-Not Available
Vendor-tuzicmsn/a
Product-tuzicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.88% / 85.16%
||
7 Day CHG~0.00%
Published-15 Nov, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.

Action-Not Available
Vendor-sunil_nandan/a
Product-blue_wrench_video_widgetn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6710
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.20% / 64.51%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_training_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6883
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.51% / 82.82%
||
7 Day CHG~0.00%
Published-17 Dec, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.

Action-Not Available
Vendor-cru-incn/a
Product-ditto_forensic_fieldstation_firmwareditto_forensic_fieldstationn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7233
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.84% / 88.84%
||
7 Day CHG~0.00%
Published-30 Dec, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-26641
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.22%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 19:58
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0126
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-22 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7407
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.58% / 43.28%
||
7 Day CHG~0.00%
Published-22 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-mrbs_modulen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 51.91%
||
7 Day CHG~0.00%
Published-08 Aug, 2018 | 00:00
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.

Action-Not Available
Vendor-csrf-magic_projectn/a
Product-csrf-magicn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0010
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 61.49%
||
7 Day CHG~0.00%
Published-20 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Action-Not Available
Vendor-n/aMoodle Pty LtdFedora Project
Product-moodlefedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.95% / 56.98%
||
7 Day CHG+0.01%
Published-11 Mar, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290.

Action-Not Available
Vendor-imagecmsn/a
Product-imagecmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7107
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-14 Jan, 2014 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.

Action-Not Available
Vendor-icingan/a
Product-icingan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.88% / 54.59%
||
7 Day CHG+0.01%
Published-10 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controller_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7223
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.20% / 64.42%
||
7 Day CHG~0.00%
Published-02 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb.

Action-Not Available
Vendor-fatfreecrmn/a
Product-fat_free_crmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6346
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.58% / 43.28%
||
7 Day CHG~0.00%
Published-02 Nov, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aNovell
Product-zenworks_configuration_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 45.04%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 14:21
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.

Action-Not Available
Vendor-windun/a
Product-windu_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6429
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-90.45% / 99.79%
||
7 Day CHG~0.00%
Published-26 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-spring_frameworkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2013-7259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.25% / 65.85%
||
7 Day CHG~0.00%
Published-29 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.

Action-Not Available
Vendor-neo4jn/a
Product-neo4jn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-6443
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 44.45%
||
7 Day CHG~0.00%
Published-23 Jan, 2014 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cloudformscloudforms_3.0_management_enginen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-10.60% / 95.23%
||
7 Day CHG~0.00%
Published-17 Jan, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.

Action-Not Available
Vendor-conceptronicn/a
Product-cipcamptiwlcipcamptiwl_1.0_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4881
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.20% / 80.34%
||
7 Day CHG~0.00%
Published-19 Aug, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.

Action-Not Available
Vendor-bigtreecmsn/a
Product-bigtree_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6188
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.98% / 57.89%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 53.22%
||
7 Day CHG+0.01%
Published-14 Mar, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.

Action-Not Available
Vendor-n/aPerforce Software, Inc. ("Puppet")
Product-puppet_enterprisen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5494
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.82% / 52.70%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplaceunified_meetingplace_web_conferencingn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-27146
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-5||MEDIUM
EPSS-0.33% / 24.51%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 17:50
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO iProcess Workspace Browser CSRF

The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-iprocess_workspace_browserTIBCO iProcess Workspace (Browser)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-26766
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.64% / 46.09%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 01:54
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.

Action-Not Available
Vendor-user_registration_\&_login_and_user_management_system_with_admin_panel_projectn/a
Product-user_registration_\&_login_and_user_management_system_with_admin_paneln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5443
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.82% / 52.70%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_expressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6192
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.97% / 57.54%
||
7 Day CHG~0.00%
Published-17 Dec, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6173
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-1.30% / 66.87%
||
7 Day CHG~0.00%
Published-21 Nov, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-document_sciences_xpressionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5427
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.57% / 42.98%
||
7 Day CHG~0.00%
Published-04 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_master_data_management_server_for_product_information_managementinfosphere_master_data_management_collaboration_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 54.94%
||
7 Day CHG~0.00%
Published-19 Aug, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.

Action-Not Available
Vendor-bigtreecmsn/a
Product-bigtree_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.27% / 80.90%
||
7 Day CHG~0.00%
Published-20 Aug, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.

Action-Not Available
Vendor-ritecmsn/a
Product-ritecmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-16550
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.64% / 46.20%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 14:40
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Action-Not Available
Vendor-Jenkins
Product-mavenJenkins Maven Release Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5355
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 46.34%
||
7 Day CHG~0.00%
Published-09 Dec, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors.

Action-Not Available
Vendor-sharetronixn/a
Product-sharetronixn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.99% / 78.19%
||
7 Day CHG~0.00%
Published-12 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.

Action-Not Available
Vendor-simpleriskn/a
Product-simpleriskn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4240
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.83% / 84.89%
||
7 Day CHG~0.00%
Published-02 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.

Action-Not Available
Vendor-hitmyservern/a
Product-hms_testimonialsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4726
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.06% / 60.48%
||
7 Day CHG~0.00%
Published-25 Apr, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-ddsnn/a
Product-cm3_acora_content_management_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 49
  • 50
  • Next
Details not found