Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-25015

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Sep, 2020 | 17:34
Updated At-04 Aug, 2024 | 15:26
Rejected At-
Credits

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Sep, 2020 | 17:34
Updated At:04 Aug, 2024 | 15:26
Rejected At:
▼CVE Numbering Authority (CNA)

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
x_refsource_MISC
https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/
x_refsource_MISC
http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html
x_refsource_MISC
Hyperlink: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
Resource:
x_refsource_MISC
Hyperlink: https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
x_refsource_MISC
x_transferred
https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Sep, 2020 | 18:15
Updated At:16 Nov, 2022 | 14:14

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
genexis
genexis
>>platinum_4410_firmware>>p4410-v2-1.28
cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.28:*:*:*:*:*:*:*
genexis
genexis
>>platinum_4410>>2.1
cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/cve@mitre.org
Exploit
Third Party Advisory
https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

942Records found
CVE-2020-28137
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.74%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 16:26
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.

Action-Not Available
Vendor-genexisn/a
Product-platinum_4410platinum_4410_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.95%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:08
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.

Action-Not Available
Vendor-yourinspirationwebn/a
Product-beauty-premiumn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-0760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-28 Mar, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter.

Action-Not Available
Vendor-adminofsystemn/aWordPress.org
Product-wp_related_postswordpressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-0746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.07%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-o2_dsl_router_classicn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23590
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.44%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp".

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2353
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 50.22%
||
7 Day CHG~0.00%
Published-09 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in microweber/microweber

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-22334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.40%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.

Action-Not Available
Vendor-beescmsn/a
Product-beescmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.22%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-tincann/a
Product-phplistn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-17789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.49%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 18:08
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prospecta Master Data Online (MDO) allows CSRF.

Action-Not Available
Vendor-prospectan/a
Product-master_data_onlinen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-0642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-25 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-network-13n/a
Product-n-13_newsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1543
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.87%
||
7 Day CHG~0.00%
Published-29 Apr, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2296
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.22%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.

Action-Not Available
Vendor-Jenkins
Product-shared_objectsJenkins Shared Objects Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.23%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through 3.6.

Action-Not Available
Vendor-Smartsupp
Product-Smartsupp – live chat, chatbots, AI and lead generation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2388
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.36%
||
7 Day CHG+0.01%
Published-22 Aug, 2022 | 15:02
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Coder < 2.5.3 - Code Deletion via CSRF

The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknown
Product-wp_coderWP Coder – add custom html, css and js code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2355
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.7||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG+0.02%
Published-08 Aug, 2022 | 13:46
Updated-27 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin

Action-Not Available
Vendor-easy_username_updater_projectUnknown
Product-easy_username_updaterEasy Username Updater
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-23975
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.34%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-20 Feb, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation

Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.

Action-Not Available
Vendor-accesspressthemesAccessPress Themes
Product-access_demo_importerAccess Demo Importer (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2449
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.65%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

Action-Not Available
Vendor-resmush.itUnknown
Product-resmush.it_image_optimizerreSmush.it : the only free Image Optimizer & compress plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10962
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:25
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.

Action-Not Available
Vendor-icegramn/a
Product-icegram_engagen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-23887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.57%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 20:44
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3878
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-30 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-24130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.09% / 27.05%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 19:27
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts.

Action-Not Available
Vendor-ponzu-cmsn/a
Product-ponzun/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-22273
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 17:03
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)

Action-Not Available
Vendor-n/aCreativeitem
Product-neoflex_video_subscription_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-11015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 00:25
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarejnr1010n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29020
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.80%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 22:31
Updated-04 Feb, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site request forgery token fixation in fastify-passport

@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`.

Action-Not Available
Vendor-fastifyfastify
Product-passportfastify-passport
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-384
Session Fixation
CVE-2023-28949
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 01:47
Updated-02 Aug, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management cross-site request forgery

IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_management_doorsengineering_requirements_management_doors_web_accessEngineering Requirements Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22359
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.

Action-Not Available
Vendor-IBM Corporation
Product-partner_engagement_managerpartner_engagement_manager_on_cloud\/saasSterling Partner Engagement Manager on CloudSterling Partner Engagement Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28780
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.81%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:45
Updated-02 Aug, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8.

Action-Not Available
Vendor-yoastYoast
Product-yoast_local_seoYoast Local Premium
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.59%
||
7 Day CHG~0.00%
Published-16 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.

Action-Not Available
Vendor-tomaz-murausn/a
Product-open_blogn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2273
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.82%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-elastestJenkins ElasTest Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-40601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 19.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2024 | 00:00
Updated-27 Oct, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-26841
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.23%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-03 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.

Action-Not Available
Vendor-churchcrmn/a
Product-churchcrmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23376
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 35.13%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 22:12
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.

Action-Not Available
Vendor-5nonen/a
Product-nonecmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2295
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.

Action-Not Available
Vendor-barchartJenkins
Product-maven_cascade_releaseJenkins Maven Cascade Release Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-3220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.45%
||
7 Day CHG~0.00%
Published-18 Jul, 2008 | 16:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."

Action-Not Available
Vendor-n/aFedora ProjectThe Drupal Association
Product-fedoradrupaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.35%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.

Action-Not Available
Vendor-online_food_ordering_system_projectn/a
Product-online_food_ordering_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27520
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

Action-Not Available
Vendor-epsonSEIKO EPSON CORPORATION
Product-lp-s5000_firmwaresc-s60650lsc-t5250d_firmwarepx-b500sc-px5v2prifnw7s_firmwaresc-t7255sc-s70650_firmwarepx-5vsc-p7050px-7500n_firmwaresc-t7250dsc-s30650sc-t3050sc-p6050_firmwaresc-s80650lpx-f10000sc-t3050_firmwareesnsb1sc-s50650_firmwarelp-s5300sc-f7200lp-9200c_firmwarelp-s6500_firmwarelp-s4500_firmwareprifnw3s_firmwaresc-t5255lp-s310nsc-t7250lp-s6000_firmwarepx-h10000lp-s4500lp-8200clp-9200ps2_firmwareprifnw2px-h7000sc-f6000tm-c3400lp-9200ps2lp-9200ps3px-h6000sc-p6050lp-s5300_firmwareprifnw2ac_firmwarepx-6250s_firmwareprifnw7ssc-f6350_firmwarelp-9200csc-p9050lp-8500cpx-7550_firmwarepx-h9000_firmwarelp-s3000z_firmwaresc-t3255_firmwarepa-w11gpx-w8000_firmwareesnsb1_firmwarepx-h8000_firmwareprifnw2spa-w11g2_firmwarelp-s3000pa-w11g_firmwaretm-c3400_firmwarepx-b510px-6550_firmwarestylus_pro_gs6000px-7500npx-5800prifnw6sc-s80650_firmwarepx-7550sstylus_pro_gs6000_firmwaresc-t5050_firmwarelp-9200ps3_firmwarelp-s4200px-f8000tm-c3500_firmwaresc-t7255d_firmwareprifnw1stm-c7500px-h6000_firmwarepx-7v_firmwarepx-5002sc-p20050_firmwarelp-s3000rlp-s7500_firmwaresc-f7200_firmwaresc-s80650l_firmwarepx-6250slp-s310n_firmwarelp-s3000_firmwarepx-9550s_firmwarepx-h7000_firmwaresc-f2000_firmwaresc-f2150px-5v_firmwarepx-9550_firmwarelp-s6500px-f8000_firmwaresc-f7100px-9500n_firmwareesnsb2_firmwaresc-p8050sc-f9450sc-f9450hlp-s5300r_firmwaresc-s60650_firmwarepx-h9000lp-s300nprifnw2s_firmwaresc-t5250dsc-t7250d_firmwaresc-t7255_firmwaresc-f9450h_firmwareprifnw1_firmwaresc-p10050_firmwarepx-h8000lp-s8100lp-s9000px-9550ssc-s80650lp-s5300rsc-s40650_firmwaresc-s30650_firmwaresc-t5250prifnw2acsc-t3250_firmwarelp-s3000r_firmwarelp-s6000sc-px7v2sc-p9050_firmwarelp-s4000_firmwarelp-s7000esnsb2esifnw1_firmwareprifnw3_firmwarelp-s7000_firmwarelp-8200c_firmwarelp-s5500px-f10000_firmwarepx-h10000_firmwareprifnw3spx-w8000px-b500_firmwarepx-7550s_firmwarelp-9200b_firmwaresc-t7255dtm-c3500sc-f9200_firmwareprifnw2sac_firmwarelp-s5000px-b510_firmwareprifnw1s_firmwarelp-s3000zprifnw1sc-f2150_firmwareesifnw1lp-8500c_firmwaresc-f6350sc-p8050_firmwaresc-s70650tm-c7500_firmwaresc-f9350prifnw7u_firmwarelp-9800c_firmwareprifnw7upx-7550prifnw2_firmwaresc-t7250_firmwarelp-9200bsc-f7100_firmwarepx-20000_firmwarelp-s9000_firmwarepx-9550lp-s4200_firmwaresc-t5255dsc-f9450_firmwareprifnw3prifnw7sc-t5050sc-s40650lp-s8100_firmwarepa-w11g2sc-s60650lp-s3500lp-8700ps3lp-s7500sc-t7050_firmwarelp-s3000ps_firmwaresc-t3250sc-px5v2_firmwaresc-f9200lp-9800csc-t3255px-9500nsc-px7v2_firmwarelp-s5500_firmwarelp-8700ps3_firmwarelp-s4000sc-s60650l_firmwarepx-5002_firmwaresc-f6000_firmwarelp-9300sc-t7050px-5800_firmwarepx-6550sc-f6200_firmwarelp-s3500_firmwarelp-9600sc-f9350_firmwareprifnw6_firmwarelp-9600_firmwarelp-9300_firmwaresc-t5250_firmwaresc-t5255_firmwaresc-p5050_firmwarelp-s7100_firmwaresc-p20050px-f8000mprifnw7_firmwaresc-p7050_firmwaresc-s50650lp-s7500pslp-s3000pslp-s7500ps_firmwarepx-20000sc-f6200px-f8000m_firmwaresc-f2000prifnw2saclp-9600ssc-p10050sc-t5255d_firmwaresc-px3vlp-s300n_firmwarelp-9600s_firmwaresc-p5050px-7vsc-px3v_firmwarelp-s7100SEIKO EPSON printers/network interface Web Config
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-22500
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-06 Feb, 2021 | 01:03
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.

Action-Not Available
Vendor-n/aMicro Focus International Limited
Product-application_performance_managementApplication Performance Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.94%
||
7 Day CHG~0.00%
Published-28 May, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action.

Action-Not Available
Vendor-pacifictimesheetn/a
Product-pacific_timesheetn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23631
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 33.17%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 19:16
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.

Action-Not Available
Vendor-wdjan/a
Product-wdja_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:19
Updated-02 Aug, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.

Action-Not Available
Vendor-pagupPagup
Product-better_robots.txtWordPress Robots.txt optimization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2146
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 32.95%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 10:36
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Import CSV Files <= 1.0 - Reflected Cross-Site Scripting

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting

Action-Not Available
Vendor-import_csv_files_projectUnknown
Product-import_csv_filesImport CSV Files
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2303
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 14:35
Updated-04 Aug, 2024 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-active_directoryJenkins Active Directory Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.73%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.

Action-Not Available
Vendor-n/aNovell
Product-suse_linuxsuse_lifecycle_management_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.48%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2237
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.82%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:25
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.

Action-Not Available
Vendor-Jenkins
Product-flaky_test_handlerJenkins Flaky Test Handler Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.24%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port.

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 15:57
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.

Action-Not Available
Vendor-maccmsn/a
Product-maccmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 22:37
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users.

Action-Not Available
Vendor-wagecms_projectn/a
Product-wage-cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2147
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 53.19%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:01
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-macJenkins Mac Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 22:39
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.

Action-Not Available
Vendor-opms_projectn/a
Product-opmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found