Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-12826

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Jul, 2019 | 17:56
Updated At-04 Aug, 2024 | 23:32
Rejected At-
Credits

A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Jul, 2019 | 17:56
Updated At:04 Aug, 2024 | 23:32
Rejected At:
▼CVE Numbering Authority (CNA)

A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://dannewitz.ninja/posts/widget-logic-csrf-to-rce
x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/2112753/widget-logic
x_refsource_CONFIRM
https://wpvulndb.com/vulnerabilities/9413
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9403
x_refsource_MISC
Hyperlink: https://dannewitz.ninja/posts/widget-logic-csrf-to-rce
Resource:
x_refsource_MISC
Hyperlink: https://plugins.trac.wordpress.org/changeset/2112753/widget-logic
Resource:
x_refsource_CONFIRM
Hyperlink: https://wpvulndb.com/vulnerabilities/9413
Resource:
x_refsource_MISC
Hyperlink: https://wpvulndb.com/vulnerabilities/9403
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://dannewitz.ninja/posts/widget-logic-csrf-to-rce
x_refsource_MISC
x_transferred
https://plugins.trac.wordpress.org/changeset/2112753/widget-logic
x_refsource_CONFIRM
x_transferred
https://wpvulndb.com/vulnerabilities/9413
x_refsource_MISC
x_transferred
https://wpvulndb.com/vulnerabilities/9403
x_refsource_MISC
x_transferred
Hyperlink: https://dannewitz.ninja/posts/widget-logic-csrf-to-rce
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset/2112753/widget-logic
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://wpvulndb.com/vulnerabilities/9413
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://wpvulndb.com/vulnerabilities/9403
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Jul, 2019 | 18:15
Updated At:31 Jul, 2019 | 08:15

A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
wpchef
wpchef
>>widget_logic>>Versions before 5.10.2(exclusive)
cpe:2.3:a:wpchef:widget_logic:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://dannewitz.ninja/posts/widget-logic-csrf-to-rcecve@mitre.org
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2112753/widget-logiccve@mitre.org
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9403cve@mitre.org
N/A
https://wpvulndb.com/vulnerabilities/9413cve@mitre.org
N/A
Hyperlink: https://dannewitz.ninja/posts/widget-logic-csrf-to-rce
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset/2112753/widget-logic
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wpvulndb.com/vulnerabilities/9403
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://wpvulndb.com/vulnerabilities/9413
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2457Records found
CVE-2018-6941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.55% / 85.20%
||
7 Day CHG~0.00%
Published-20 Feb, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.

Action-Not Available
Vendor-nat32n/a
Product-nat32n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4258
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.04%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_mse_8000_seriesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2196
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.74% / 72.46%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 17:08
Updated-29 Jul, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF Vulnerability in aimhubio/aim

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation.

Action-Not Available
Vendor-aimstackaimhubioaimhubio
Product-aimaimhubio/aimaim
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7097
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-0.90% / 75.26%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_providerHPE 3PAR Service Processors
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6504
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.89%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).

Action-Not Available
Vendor-Micro Focus International Limited
Product-arcsight_management_centerArcSight Management Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-26 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.07%
||
7 Day CHG~0.00%
Published-06 Feb, 2018 | 14:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.

Action-Not Available
Vendor-flickrrss_projectn/a
Product-flickrrssn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-1459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.10%
||
7 Day CHG~0.00%
Published-28 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.

Action-Not Available
Vendor-razorcmsn/a
Product-razorcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.59%
||
7 Day CHG~0.00%
Published-08 Jun, 2009 | 19:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

Action-Not Available
Vendor-dokeosn/a
Product-dokeosn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7060
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.89%
||
7 Day CHG-0.01%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-clearpassAruba ClearPass
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4530
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-20 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-documentum_webtopdocumentum_administratordocumentum_web_publisherdocumentum_digital_asset_managerdocumentum_taskspacen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.49%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors.

Action-Not Available
Vendor-registration_codes_projectn/a
Product-registration_codesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-8830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.13%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 17:12
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.

Action-Not Available
Vendor-commscopen/a
Product-ruckus_zoneflex_r500ruckus_zoneflex_r500_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2015-3655
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.05%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0056
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 45.13%
||
7 Day CHG~0.00%
Published-16 Jan, 2009 | 21:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ironport_encryption_applianceironport_postxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-5969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.69%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 10:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.

Action-Not Available
Vendor-photography_cms_projectn/a
Product-photography_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.99%
||
7 Day CHG~0.00%
Published-01 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.

Action-Not Available
Vendor-rainmachinen/a
Product-rainmachine_web_applicationn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors.

Action-Not Available
Vendor-node_template_projectn/a
Product-node_templaten/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4379
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.35%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.

Action-Not Available
Vendor-webform_multiple_file_upload_projectn/a
Product-webform_multiple_file_uploadn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0708
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-23 Feb, 2009 | 15:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page.

Action-Not Available
Vendor-semanticscuttlen/a
Product-semanticscuttlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4460
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.37% / 58.53%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.

Action-Not Available
Vendor-boxautomationn/a
Product-c2boxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-8419
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.01% / 0.35%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 20:58
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4659
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.12%
||
7 Day CHG~0.00%
Published-18 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.

Action-Not Available
Vendor-labsmedian/a
Product-clickheatn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.09%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors.

Action-Not Available
Vendor-decisions_projectn/a
Product-decisionsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-5921
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.12%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 20:00
Updated-17 Sep, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

Action-Not Available
Vendor-HP Inc.
Product-j8a13a_firmwarecf068al2683af2a79a_firmwarez8z13a_firmwarej8a12aj8j78a_firmwarej8a10aj7z98af2a77aj7x28aj8a11a_firmwarel3u45ab5l26a_firmwarej8j76aj8a06al1h45al3u50aj8j74ap7z47al3u62a_firmwareh0dc9al3u57a_firmwaref2a81a_firmwarex3a71af2a71a_firmwared7p68a_firmwarez8z23a_firmwarel3u41a_firmwarecz248a_firmwarel3u63acz249a_firmwarex3a80a_firmwarel3u48ax3a81acf067a_firmwarel8z07a_firmwareg1w47vj8j80a_firmwareg1w41ap7z48ax3a65af2a80a_firmwarel3u69a_firmwarel3u43a_firmwarecd645a_firmwareb3g84ag1w39aj8j73a_firmwarec2s12vz8z01a_firmwareg1w39a_firmwarel3u67al3u70ab3g85a_firmwareg1w40vz8z16a_firmwarecc523a_firmwarez8z22a_firmwarec2s11v_firmwarecz249aj7z98a_firmwarex3a62a_firmwarecf066a_firmwarez8z11a_firmwarej8j74a_firmwaref2a71am0p36aa2w75a_firmwareg1w46vl3u49acf117a_firmwarej8a17al3u42a_firmwarecf116aj8j79az8z08a_firmwarem0p40az8z21al3u51aa2w79a_firmwarea2w76a_firmwarec2s11vj8j66acz250a_firmwareh0dc9a_firmwarej8j71a_firmwarej8a10a_firmwarez8z08aj8j63ab5l46a_firmwarex3a80ap7z48a_firmwareb5l47a_firmwareb5l49aa2w77az8z11ad7p73ax3a63a_firmwarel1h45a_firmwarex3a66ak0q21az8z04ac2s12v_firmwarem0p39a_firmwarez8z12a_firmwarex3a60a_firmwarek0q22ag1w40ab3g85aa2w75az8z04a_firmwarecd644a_firmwarecz244a_firmwarec2s12al3u42az8z19al3u55a_firmwarez8z05a_firmwarecz245af2a70a_firmwarek0q17az8z21a_firmwareb5l39a_firmwareg1w47a_firmwarej7z06a_firmwarecz248al3u59a_firmwarex3a93a_firmwarex3a89al3u48a_firmwarez8z17a_firmwarex3a79a_firmwareg1w40a_firmwareca251a_firmwareb5l39aj7x28a_firmwarek0q18a_firmwared7p71a_firmwarek0q14a_firmwarex3a84a_firmwarel3u46a_firmwarecf069aa2w78a_firmwarex3a81a_firmwarek0q19ag1w41vx3a63aj8j71ax3a60aj8a16a_firmwarel3u43az8z18aj8a04a_firmwarek0q21a_firmwarel3u52a_firmwarex3a83a_firmwarecd645acf367a_firmwarel3u45a_firmwarecf068a_firmwarej8j80ad7p73a_firmwarecc522a_firmwarecc524a_firmwarez8z02aa2w78ax3a75a_firmwareb5l54a_firmwarel3u62ab5l48a_firmwarecc523aa2w79az8z09af2a78vj8j66a_firmwarel8z07ax3a79aa2w76aj8a06a_firmwarez8z02a_firmwarex3a74a_firmwarel2683a_firmwarel3u49a_firmwarex3a87a_firmwarex3a77af2a67a_firmwarex3a62ag1w41v_firmwarex3a65a_firmwarej8a16az8z14al3u60ax3a86az8z18a_firmwarej8j72a_firmwarecz245a_firmwarecc524az8z23al3u41az8z16al3u56a_firmwarej7z04a_firmwarex3a59acc522aj8j65a_firmwareg1w47v_firmwarec2s11am0p40a_firmwaree6b71a_firmwarex3a84az8z17aj8a13ae6b73a_firmwarecf069a_firmwarem0p33am0p35ap7z47a_firmwarecz250ad7p68ad7p70az8z13al3u44a_firmwarez8z19a_firmwarel3u47ac2s12a_firmwarel3u70a_firmwarex3a77a_firmwarel3u47a_firmwarem0p32aj8j64aj7z04acf118acd646a_firmwarel3u46aj8j70al3u69ax3a69a_firmwarel2762a_firmwarej7z99al3u57ax3a72a_firmwareca251am0p32a_firmwareg1w46v_firmwareb5l07ak0q20a_firmwarex3a66a_firmwareb5l07a_firmwaref2a79ax3a92aj8a17a_firmwareb5l05acz244aj8a12a_firmwarecf067az8z07a_firmwarez8z09a_firmwarex3a86a_firmwared7p70a_firmwareb5l06ak0q15a_firmwarez8z15a_firmwarek0q18ab5l50ag1w39v_firmwarel3u61az8z07ab5l04ak0q17a_firmwareg1w39vz8z05af2a76ax3a92a_firmwareb3g84a_firmwarel3u67a_firmwarem0p35a_firmwarez8z06a_firmwarel3u59aj8j72acf117acf118a_firmwarel3u64az8z03az8z03a_firmwarel3u51a_firmwarel3u44acf066aj8a05a_firmwarel3u55ab5l04a_firmwarek0q15al3u66a_firmwarek0q19a_firmwarea2w77a_firmwarej7z99a_firmwarej8j67ax3a83az8z01ab5l06a_firmwarez8z10a_firmwaref2a67aj8a05ax3a75ae6b73al3u61a_firmwarej8j64a_firmwareb5l47aj8j76a_firmwareb5l48af2a81az8z15ax3a78ab5l50a_firmwareb5l49a_firmwarej8j67a_firmwarel3u56aj8j63a_firmwarez8z06ab5l54al3u40a_firmwarel3u65al3u64a_firmwarecd644am0p33a_firmwareb5l46az8z00ax3a90am0p36a_firmwarex3a71a_firmwareg1w46a_firmwarel2762aj8j70a_firmwarec2s11a_firmwaree6b71aj8a11af2a76a_firmwarez8z22ab5l05a_firmwarex3a90a_firmwaref2a77a_firmwarex3a89a_firmwarez8z20al3u52acd646az8z10al3u65a_firmwarej7z06aj8j65al3u50a_firmwarex3a72ax3a78a_firmwareg1w40v_firmwarel3u66acf116a_firmwareb3g86ab3g86a_firmwarex3a59a_firmwarem0p39ax3a87ag1w41a_firmwarel3u63a_firmwarej8a04az8z00a_firmwarex3a74aj8j78az8z14a_firmwarek0q20al3u40ak0q22a_firmwarez8z20a_firmwarex3a68ak0q14ad7p71ax3a68a_firmwareg1w47aj8j79a_firmwarez8z12ag1w46ab5l26ax3a69af2a78v_firmwarej8j73af2a70af2a80ax3a93acf367aCertain HP Enterprise Printers, HP PageWide Printers, and MFP Products
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.55%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 19:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-wf2419_firmwarewf2419n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.28% / 50.80%
||
7 Day CHG~0.00%
Published-19 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.

Action-Not Available
Vendor-fiverrscriptn/a
Product-fiverrscriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4254
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_advanced_media_gatewayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.57%
||
7 Day CHG~0.00%
Published-11 May, 2018 | 21:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.

Action-Not Available
Vendor-ehcpn/a
Product-easy_hosting_control_paneln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-8420
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 20:58
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.63%
||
7 Day CHG~0.00%
Published-05 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer.

Action-Not Available
Vendor-parsecgaminguncurl_projectn/a
Product-parsecuncurln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0648
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.96%
||
7 Day CHG~0.00%
Published-19 Feb, 2009 | 16:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2) edit_now actions.

Action-Not Available
Vendor-falt4n/a
Product-falt4_extremen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-19 Mar, 2009 | 10:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action.

Action-Not Available
Vendor-phpfoxn/a
Product-phpfoxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0055
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.16%
||
7 Day CHG~0.00%
Published-16 Jan, 2009 | 21:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ironport_encryption_applianceironport_postxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4256
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.04%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_ip_vcr_3.0n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4189
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-23 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-data_center_analytics_frameworkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4267
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.79%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0039
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-6.01% / 90.52%
||
7 Day CHG~0.00%
Published-17 Apr, 2009 | 14:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-geronimon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 58.09%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.

Action-Not Available
Vendor-synametricsn/a
Product-xeamsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 46.10%
||
7 Day CHG~0.00%
Published-06 Feb, 2009 | 01:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.

Action-Not Available
Vendor-armorlogicn/a
Product-profense_web_application_firewalln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6224
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.54%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-email_encryption_gatewayTrend Micro Email Encryption Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-5658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.04%
||
7 Day CHG~0.00%
Published-13 Jan, 2018 | 00:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.

Action-Not Available
Vendor-responsive_coming_soon_page_projectn/a
Product-responsive_coming_soon_pagen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.49%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.

Action-Not Available
Vendor-log_watcher_projectn/a
Product-log_watchern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-5656
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.13%
||
7 Day CHG~0.00%
Published-13 Jan, 2018 | 00:00
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.

Action-Not Available
Vendor-weblizarn/a
Product-pinterest-feedsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0037
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-9.54% / 92.69%
||
7 Day CHG~0.00%
Published-05 Mar, 2009 | 02:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

Action-Not Available
Vendor-n/aCURL
Product-curllibcurln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-34.59% / 96.91%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.

Action-Not Available
Vendor-netgaten/a
Product-pfsensen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-8461
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.63%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 21:05
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-interscan_web_security_virtual_applianceTrend Micro InterScan Web Security Virtual Appliance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 42.38%
||
7 Day CHG~0.00%
Published-02 Feb, 2009 | 22:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.

Action-Not Available
Vendor-n/aNovell
Product-groupwisen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0716
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-07 May, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.49%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors.

Action-Not Available
Vendor-patternsn/a
Product-patternsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 49
  • 50
  • Next
Details not found