Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-21160

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Apr, 2020 | 21:29
Updated At-05 Aug, 2024 | 12:26
Rejected At-
Credits

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Apr, 2020 | 21:29
Updated At:05 Aug, 2024 | 12:26
Rejected At:
▼CVE Numbering Authority (CNA)

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.08.0HIGH
CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:R
Version: 3.0
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:R
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000059470/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2017-1998
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/000059470/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2017-1998
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000059470/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2017-1998
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/000059470/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2017-1998
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Apr, 2020 | 22:15
Updated At:30 Apr, 2020 | 16:18

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.08.0HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
NETGEAR, Inc.
netgear
>>readynas_os>>Versions from 6.0(inclusive) to 6.9.3(exclusive)
cpe:2.3:o:netgear:readynas_os:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000059470/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2017-1998cve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/000059470/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2017-1998
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3996Records found
CVE-2021-38705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.45%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 19:25
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker.

Action-Not Available
Vendor-cliniccasesn/a
Product-cliniccasesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3024
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.70% / 85.28%
||
7 Day CHG~0.00%
Published-16 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.

Action-Not Available
Vendor-hulihanapplicationsn/a
Product-diamondlistn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-3669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-02 Jan, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-26 May, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-scientific_atlanta_webstar_dpc2100r2n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4884
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.07%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-basercmsbaserCMS Users Community
Product-basercmsbaserCMS plugin Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-9926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.34%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.

Action-Not Available
Vendor-wuzhicmsn/a
Product-wuzhicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-3636
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 37.05%
||
7 Day CHG~0.00%
Published-08 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-freeipan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4887
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.07%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-basercmsbaserCMS Users Community
Product-basercmsbaserCMS plugin Uploader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-20856
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.49%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_operationsVMware vRealize Operations (vROps)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 00:50
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.

Action-Not Available
Vendor-yuban/a
Product-u5cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.65%
||
7 Day CHG~0.00%
Published-26 Apr, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.

Action-Not Available
Vendor-dragonfrugaln/a
Product-dfd_cartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.07% / 22.29%
||
7 Day CHG~0.00%
Published-14 Jun, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.

Action-Not Available
Vendor-accorian/a
Product-rock_web_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-28195
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.64% / 69.53%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 17:16
Updated-15 Apr, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify

your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-yooooomiYooooomiyooooomi
Product-your_spotifyyour_spotifyyour_spotify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1971
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.66%
||
7 Day CHG~0.00%
Published-14 Jul, 2010 | 18:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsinsight_software_installern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4504
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.87%
||
7 Day CHG~0.00%
Published-21 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.

Action-Not Available
Vendor-meteocontroln/a
Product-weblogMeteocontrol WEB'log
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-21 Jun, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests.

Action-Not Available
Vendor-odcmsn/a
Product-odcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-8101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.80%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

Action-Not Available
Vendor-s9yn/a
Product-serendipityn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-9092
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.24%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.

Action-Not Available
Vendor-1234nn/a
Product-minicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-15781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.90%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 12:33
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.

Action-Not Available
Vendor-weblizarn/a
Product-social_likebox_\&_feedn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4430
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-2.84% / 85.68%
||
7 Day CHG~0.00%
Published-04 Jul, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-20 May, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms.

Action-Not Available
Vendor-letodmsn/a
Product-letodmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4069
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-8.8||HIGH
EPSS-1.13% / 77.44%
||
7 Day CHG~0.00%
Published-25 Aug, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSERoundcube Webmail Project
Product-leapwebmailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1911
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-20 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.

Action-Not Available
Vendor-jasperforgen/a
Product-jasperreports_server_community_projectn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1610
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 37.91%
||
7 Day CHG~0.00%
Published-29 Apr, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-opencartn/a
Product-opencartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.

Action-Not Available
Vendor-open-auditn/a
Product-open-auditn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8811
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.23%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 07:00
Updated-05 Aug, 2024 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users to upload different kind of content artifacts (SVG, .doc, .docx). The uploaded content is stored in the CMS content repository "as is". In case of scripts inside an SVG, this may or may not be "malicious", there is no way of knowing if the uploaded SVG contains the script for a reason. To exploit the "issue", a user must have an account in the CMS as a content manager

Action-Not Available
Vendor-alkaconn/a
Product-opencmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-2085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 52.38%
||
7 Day CHG~0.00%
Published-04 Jun, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aBest Practical Solutions, LLC
Product-rtn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2231
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-28 Jun, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.75%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).

Action-Not Available
Vendor-zikulan/a
Product-zikula_application_frameworkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8764
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.29%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

Action-Not Available
Vendor-ldap-account-managern/aDebian GNU/Linux
Product-debian_linuxldap_account_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4820
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.04%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-iodatan/a
Product-etx-r_firmwareetx-rn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-7996
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 39.16%
||
7 Day CHG~0.00%
Published-18 Nov, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1954
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.08%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.

Action-Not Available
Vendor-postrevn/a
Product-post_revolutionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.67%
||
7 Day CHG~0.00%
Published-25 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wampserver before 3.1.3 has CSRF in add_vhost.php.

Action-Not Available
Vendor-wampservern/a
Product-wampservern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-2191
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.51% / 65.43%
||
7 Day CHG~0.00%
Published-07 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

Action-Not Available
Vendor-cherokee-projectn/a
Product-cherokeen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1547
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.51%
||
7 Day CHG~0.00%
Published-21 May, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.

Action-Not Available
Vendor-chaos_tool_suite_projectn/a
Product-ctoolsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2157
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.19%
||
7 Day CHG-0.04%
Published-22 May, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3819
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-31 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.

Action-Not Available
Vendor-frog_cms_projectn/a
Product-frog_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.44%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwebn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4845
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-5.58% / 89.92%
||
7 Day CHG~0.00%
Published-24 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.

Action-Not Available
Vendor-iodatan/a
Product-hvl-a3.0_firmwarehvl-ahvl-at4.0_firmwarehvl-at2.0a_firmwarehvl-atahvl-at3.0a_firmwarehvl-at2.0_firmwarehvl-at1.0s_firmwarehvl-at3.0_firmwarehvl-a2.0_firmwarehvl-at4.0a_firmwarehvl-athvl-a4.0_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2234
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.53% / 66.31%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-couchdbn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-3691
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.42%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.

Action-Not Available
Vendor-kallithea-scmn/a
Product-kallithean/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-0748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.49% / 64.37%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.

Action-Not Available
Vendor-tincann/a
Product-phplistn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-9108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.81%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 04:00
Updated-16 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.

Action-Not Available
Vendor-quickappscmsn/a
Product-quickapps_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-13 Mar, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-trivoli_service_request_managertivoli_asset_management_for_itmaximo_service_deskmaximo_asset_management_essentialsmaximo_asset_managementtivoli_change_and_configuration_management_databasen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1341
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 37.96%
||
7 Day CHG~0.00%
Published-19 Aug, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before 4.0.4.0, and Aipo for ASP before 4.0.4.0, allows remote attackers to hijack the authentication of administrators for requests that modify data.

Action-Not Available
Vendor-aimluckn/a
Product-aipoaipo-aspn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1085
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.07%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 20:51
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF vulnerability in Smoothwall Express 3.

Action-Not Available
Vendor-smoothwallSmoothwall
Product-smoothwall_expressSmoothwall Express
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-0535
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.32%
||
7 Day CHG~0.00%
Published-08 Feb, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

Action-Not Available
Vendor-zikulan/a
Product-zikula_application_frameworkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 79
  • 80
  • Next
Details not found