Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-14346

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Aug, 2019 | 14:23
Updated At-05 Aug, 2024 | 00:12
Rejected At-
Credits

Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Aug, 2019 | 14:23
Updated At:05 Aug, 2024 | 00:12
Rejected At:
▼CVE Numbering Authority (CNA)

Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.adive.es/
x_refsource_MISC
https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/
x_refsource_MISC
http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html
x_refsource_MISC
Hyperlink: https://www.adive.es/
Resource:
x_refsource_MISC
Hyperlink: https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.adive.es/
x_refsource_MISC
x_transferred
https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.adive.es/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Aug, 2019 | 15:15
Updated At:13 Aug, 2019 | 19:07

Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
schben
schben
>>adive>>2.0.7
cpe:2.3:a:schben:adive:2.0.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/cve@mitre.org
Exploit
Third Party Advisory
https://www.adive.es/cve@mitre.org
Product
Hyperlink: http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.adive.es/
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

1565Records found
CVE-2020-20595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 22:39
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.

Action-Not Available
Vendor-opms_projectn/a
Product-opmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.99%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 21:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.

Action-Not Available
Vendor-wtcms_projectn/a
Product-wtcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-10295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.82%
||
7 Day CHG~0.00%
Published-22 Apr, 2018 | 14:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.

Action-Not Available
Vendor-chemcms_projectn/a
Product-chemcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2192
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.62%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.

Action-Not Available
Vendor-Jenkins
Product-self-organizing_swarm_modulesJenkins Self-Organizing Swarm Plug-in Modules Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10903
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.92%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 12:47
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.

Action-Not Available
Vendor-godaddyn/a
Product-godaddy_email_marketingn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.84%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 15:25
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-editor plugin before 1.2.6 for WordPress has CSRF.

Action-Not Available
Vendor-benjaminrojasn/a
Product-wp_editorn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2186
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.22%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:45
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.

Action-Not Available
Vendor-Jenkins
Product-amazon_ec2Jenkins Amazon EC2 Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-10137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 35.51%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 22:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.

Action-Not Available
Vendor-iscriptsn/a
Product-uberforxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1000218
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.21%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.

Action-Not Available
Vendor-n/aElasticsearch BV
Product-kibana_reportingn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.07%
||
7 Day CHG~0.00%
Published-22 Jul, 2010 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items.

Action-Not Available
Vendor-atutorn/a
Product-acollabn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 20:32
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.

Action-Not Available
Vendor-qibosoftn/a
Product-qibosoftn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0259
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.74%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 20:00
Updated-29 Nov, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mate_collectorCisco MATE Collector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2141
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.54%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:00
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce.

Action-Not Available
Vendor-Jenkins
Product-p4Jenkins P4 Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.78%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.

Action-Not Available
Vendor-scriptsezn/a
Product-ez_blogn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2184
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-2.00% / 82.94%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:45
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-current_versions_systemsJenkins CVS Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2007-6490
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 20:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.

Action-Not Available
Vendor-falconn/a
Product-series_one_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2215
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.54%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 14:55
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-zephyr_for_jira_test_managementJenkins Zephyr for JIRA Test Management Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-9863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-05 Aug, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Action-Not Available
Vendor-sman/a
Product-sunny_central_storage_800sunny_central_630cp_xt_firmwaresunny_boy_5000tlsunny_boy_5.0_firmwaresunny_boy_3600sunny_boy_3600tlsunny_boy_3.0_firmwaresunny_central_storage_800_firmwaresunny_central_800cp_xt_firmwaresunny_tripower_25000tlsunny_boy_3600_firmwaresunny_central_720cp_xt_firmwaresunny_central_storage_500sunny_tripower_25000tl_firmwaresunny_central_2200_firmwaresunny_tripower_5000tlsunny_tripower_20000tl_firmwaresunny_central_storage_850sunny_central_storage_900_firmwaresunny_tripower_15000tl_firmwaresunny_central_storage_720_firmwaresunny_tripower_12000tlsunny_central_storage_2200sunny_tripower_60_firmwaresunny_central_760cp_xtsunny_boy_4.0_firmwaresunny_central_storage_2500-evsunny_central_850cp_xt_firmwaresunny_central_500cp_xt_firmwaresunny_boy_5000sunny_boy_1.5sunny_central_800cp_xtsunny_central_storage_1000_firmwaresunny_tripower_20000tlsunny_central_storage_2200_firmwaresunny_central_storage_850_firmwaresunny_central_storage_630_firmwaresunny_central_storage_760_firmwaresunny_boy_3.6sunny_central_storage_630sunny_central_500cp_xtsunny_tripower_core1_firmwaresunny_central_720cp_xtsunny_tripower_core1sunny_central_storage_500_firmwaresunny_boy_4000tlsunny_central_630cp_xtsunny_boy_3600tl_firmwaresunny_boy_4.0sunny_boy_2.5sunny_central_storage_760sunny_central_760cp_xt_firmwaresunny_tripower_15000tlsunny_boy_storage_2.5sunny_boy_5000_firmwaresunny_central_storage_900sunny_boy_1.5_firmwaresunny_boy_3000tlsunny_boy_2.5_firmwaresunny_boy_4000tl_firmwaresunny_central_storage_1000sunny_boy_storage_2.5_firmwaresunny_tripower_5000tl_firmwaresunny_tripower_60sunny_central_900cp_xt_firmwaresunny_boy_5000tl_firmwaresunny_central_storage_2500-ev_firmwaresunny_central_2200sunny_explorersunny_boy_3.0sunny_central_1000cp_xt_firmwaresunny_central_storage_720sunny_boy_5.0sunny_boy_3.6_firmwaresunny_central_850cp_xtsunny_central_900cp_xtsunny_tripower_12000tl_firmwaresunny_boy_3000tl_firmwaresunny_central_1000cp_xtn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-8930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.30%
||
7 Day CHG~0.00%
Published-14 May, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

Action-Not Available
Vendor-simpleinvoicesn/a
Product-simple_invoicesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21321
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.80%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 21:17
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.

Action-Not Available
Vendor-emlogn/a
Product-emlogn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2203
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.22%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 14:55
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.

Action-Not Available
Vendor-Jenkins
Product-fortify_on_demandJenkins Fortify on Demand Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2007-4541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 60.11%
||
7 Day CHG~0.00%
Published-27 Aug, 2007 | 21:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.

Action-Not Available
Vendor-olaten/a
Product-olatedownloadn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.84%
||
7 Day CHG~0.00%
Published-15 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.

Action-Not Available
Vendor-srcms_projectn/a
Product-srcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.15%
||
7 Day CHG~0.00%
Published-14 Oct, 2021 | 14:17
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

Action-Not Available
Vendor-phpmywindn/a
Product-phpmywindn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3633
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-02 Nov, 2009 | 15:00
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 17:44
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.

Action-Not Available
Vendor-mipcmsn/a
Product-mipcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 19:09
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add.

Action-Not Available
Vendor-ec_cloud_e-commerce_system_projectn/a
Product-ec_cloud_e-commerce_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-7877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 47.90%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.

Action-Not Available
Vendor-flatcoren/a
Product-flatcore-cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20989
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.13%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 21:07
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.

Action-Not Available
Vendor-domainmodn/a
Product-domainmodn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-7635
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.31%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.

Action-Not Available
Vendor-n/aQNAP Systems, Inc.
Product-nas_proxy_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 04:00
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.

Action-Not Available
Vendor-white_shark_systems_projectn/a
Product-white_shark_systemsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-17901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.53%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 18:22
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

Action-Not Available
Vendor-pbootcmsn/a
Product-pbootcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2091
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 12:57
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cache Images < 3.2.1 - Image Upload / Import via CSRF

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.

Action-Not Available
Vendor-cache_images_projectUnknown
Product-cache_imagesCache Images
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20650
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.90%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 06:15
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-ncc-ewf100rmwh2ncc-ewf100rmwh2_firmwareNCC-EWF100RMWH2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6180
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-13 Mar, 2017 | 06:14
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages).

Action-Not Available
Vendor-keekoonvisionn/a
Product-kk002_ip_camerakk002_ip_camera_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-16610
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.28%
||
7 Day CHG~0.00%
Published-28 Aug, 2020 | 16:06
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.

Action-Not Available
Vendor-hooskn/a
Product-hooskn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-18889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.28%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 16:54
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.

Action-Not Available
Vendor-puppycmsn/a
Product-puppycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-18151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.53%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 18:18
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.

Action-Not Available
Vendor-thinkcmfn/a
Product-thinkcmfn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-10504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.74%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 13:06
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.

Action-Not Available
Vendor-chadhaajayn/a
Product-phpkbn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15600
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 21:17
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

Action-Not Available
Vendor-cmsuno_projectn/a
Product-cmsunon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0720
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.76%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Action-Not Available
Vendor-clusterlabsn/aRed Hat, Inc.Fedora Project
Product-enterprise_linuxpcsfedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.76%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 20:19
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.

Action-Not Available
Vendor-erident_custom_login_and_dashboard_projectn/a
Product-erident_custom_login_and_dashboardn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.86%
||
7 Day CHG~0.00%
Published-03 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.

Action-Not Available
Vendor-materan/a
Product-bancon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-16252
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 13:40
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.

Action-Not Available
Vendor-field_test_projectn/a
Product-field_testn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.98%
||
7 Day CHG~0.00%
Published-27 Aug, 2019 | 11:21
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-rollback plugin before 1.2.3 for WordPress has CSRF.

Action-Not Available
Vendor-impressn/a
Product-wp_rollbackn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0295
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 29.07%
||
7 Day CHG~0.00%
Published-28 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.

Action-Not Available
Vendor-n/aIBM Corporation
Product-bigfix_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9437
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.69%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:18
Updated-27 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.

Action-Not Available
Vendor-vivwebsolutionsn/a
Product-dynamic_widgetsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-13032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.10%
||
7 Day CHG~0.00%
Published-01 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.

Action-Not Available
Vendor-ecessan/a
Product-shieldlink_sl175ehq_firmwareshieldlink_sl175ehqn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15156
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:10
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS due to lack of CSRF validation for replying/publishing

In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.

Action-Not Available
Vendor-nodebbpsychobunny
Product-blog_commentsnodebb-plugin-blog-comments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.68%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 11:42
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

Action-Not Available
Vendor-cakefoundationn/a
Product-cakephpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 31
  • 32
  • Next
Details not found