Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20783

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-28 Jul, 2021 | 00:45
Updated At-03 Aug, 2024 | 17:53
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:28 Jul, 2021 | 00:45
Updated At:03 Aug, 2024 | 17:53
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.

Affected Products
Vendor
SoftBank
Product
Optical BB unit E-WMTA2.3
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
textN/ACross-site request forgery
Type: text
CWE ID: N/A
Description: Cross-site request forgery
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN34364599/index.html
x_refsource_MISC
Hyperlink: https://jvn.jp/en/jp/JVN34364599/index.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN34364599/index.html
x_refsource_MISC
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN34364599/index.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:30 Jul, 2021 | 14:15
Updated At:09 Aug, 2021 | 17:43

Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
softbank
softbank
>>optical_bb_unit_e-wmta>>-
cpe:2.3:h:softbank:optical_bb_unit_e-wmta:-:*:*:*:*:*:*:*
softbank
softbank
>>optical_bb_unit_e-wmta_firmware>>2.3
cpe:2.3:o:softbank:optical_bb_unit_e-wmta_firmware:2.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/jp/JVN34364599/index.htmlvultures@jpcert.or.jp
Third Party Advisory
Hyperlink: https://jvn.jp/en/jp/JVN34364599/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4097Records found
CVE-2015-5686
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.11%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 00:25
Updated-06 Aug, 2024 | 06:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.

Action-Not Available
Vendor-n/aPerforce Software, Inc. ("Puppet")
Product-puppet_enterprisen/a
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4981
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-25 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.

Action-Not Available
Vendor-keil-softwaren/a
Product-photokorn_galleryn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-27 Apr, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.

Action-Not Available
Vendor-scriptezn/a
Product-mail_manager_pron/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.38%
||
7 Day CHG~0.00%
Published-25 Jun, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

Action-Not Available
Vendor-accscriptsn/a
Product-acc_php_emailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5318
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.13%
||
7 Day CHG~0.00%
Published-25 Nov, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-20 Apr, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-ubercartn/aThe Drupal Association
Product-drupalubercartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.04%
||
7 Day CHG~0.00%
Published-21 Feb, 2018 | 21:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.

Action-Not Available
Vendor-hosting_projectn/a
Product-hostingn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-0669
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-8.6||HIGH
EPSS-0.04% / 13.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:39
Updated-08 Jul, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BOINC Server Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.

Action-Not Available
Vendor-universityofcaliforniaBOINC
Product-boinc_serverBOINC Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.32%
||
7 Day CHG~0.00%
Published-27 Apr, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-phpwebscriptsn/a
Product-ad_manager_pron/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.06%
||
7 Day CHG~0.00%
Published-25 Nov, 2009 | 21:22
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

Action-Not Available
Vendor-redminen/a
Product-redminen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.36%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.

Action-Not Available
Vendor-auth0n/a
Product-auth0.jsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4121
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-01 Dec, 2009 | 02:00
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-opensolutionn/a
Product-quick.cms.litequick.cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5050
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-emptoris_contract_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-26 Oct, 2009 | 17:00
Updated-16 Sep, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-sjoerd_arendsenn/aThe Drupal Association
Product-drupalsimplenews_statisticsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 41.92%
||
7 Day CHG~0.00%
Published-24 Nov, 2009 | 02:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.

Action-Not Available
Vendor-paul_beaneyn/aThe Drupal Association
Product-drupalphplistn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.99%
||
7 Day CHG~0.00%
Published-01 Oct, 2009 | 15:00
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.

Action-Not Available
Vendor-cmsphp_projectn/a
Product-cmsphpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-93.34% / 99.80%
||
7 Day CHG-0.23%
Published-27 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3580
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.07%
||
7 Day CHG~0.00%
Published-23 Dec, 2009 | 18:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.

Action-Not Available
Vendor-sql-ledgern/a
Product-sql-ledgern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.37%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 20:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.

Action-Not Available
Vendor-vtigern/a
Product-vtiger_crmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7828
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.12%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:34
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.

Action-Not Available
Vendor-n/a
Product-ime219-1ep_firmwareime119-1esime319-1ei_firmwareime219-1vi_firmwareime3122-1vp_firmwareime219-1vs_firmwareime319-1vs_firmwareime219-1esd6220ime219-1vp_firmwareixe31imes19-1eiime3122-1vpimes19-1sime3122-1epime219-1viimes19-1esime319-1eiime3122-1iimes19-1ep_firmwareimes19-1es_firmwared6220_firmwareime3122-b1iimes19-1s_firmwareime3122-b1s_firmwareime119-1vi_firmwared6230_firmwareime319-1s_firmwareime319-b1p_firmwareime319-1pime3122-b1pime319-1ep_firmwareime319-1vsime119-1vp_firmwareime219-1vpime219-1iime3122-1esixe21_firmwareime319-1p_firmwareime3122-1i_firmwareime319-1viimes19-1vsime119-1viimes19-1vp_firmwareime119-1pime3122-1vs_firmwareime219-1es_firmwareime319-1vpimes19-1vpime3122-1eiime319-b1s_firmwareimes19-1ei_firmwareime119-1ei_firmwareime219-1pixe11_firmwareime3122-1ei_firmwareime119-1vpime319-b1iixe31_firmwareime119-1vs_firmwareixes1ime219-1p_firmwareime3122-1ep_firmwareime3122-1vi_firmwareime219-1s_firmwareime119-1vsime119-1es_firmwareimes19-1epime219-1epime319-1vi_firmwareime119-1i_firmwareime119-1eiime319-1iimes19-1iime319-b1sime3122-1p_firmwareimes19-1vi_firmwareimes19-1vs_firmwareime3122-1sime119-1iimes19-1viimes19-1i_firmwareime319-1vp_firmwareime319-1i_firmwareimes19-1pime219-1sime319-b1i_firmwareime3122-1s_firmwareime219-1i_firmwareime3122-1viixe21d6230lime119-1p_firmwareime219-1eiime319-1es_firmwared6230l_firmwareime319-b1pime319-1esd6230ime3122-b1sime219-1ei_firmwareime119-1epd6220lime3122-1vsime219-1vsimes19-1p_firmwareime319-1epime3122-1es_firmwareime119-1sime119-1ep_firmwared6220l_firmwareixes1_firmwareime3122-b1i_firmwareime3122-b1p_firmwareime319-1sixe11ime119-1s_firmwareime3122-1pPelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 33.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2009 | 17:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule.

Action-Not Available
Vendor-chad_phillipsn/aThe Drupal Association
Product-userprotectdrupaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4076
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.58%
||
7 Day CHG~0.00%
Published-25 Nov, 2009 | 21:22
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.

Action-Not Available
Vendor-n/aRoundcube Webmail Project
Product-webmailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4120
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 33.79%
||
7 Day CHG~0.00%
Published-01 Dec, 2009 | 02:00
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.

Action-Not Available
Vendor-opensolutionn/a
Product-quick.cartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.58%
||
7 Day CHG~0.00%
Published-25 Nov, 2009 | 21:22
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.

Action-Not Available
Vendor-n/aRoundcube Webmail Project
Product-webmailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0215
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.51%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 16:52
Updated-13 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update

The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).

Action-Not Available
Vendor-xootixXootiX
Product-side_cart_woocommercelogin\/signup_popupwaitlist_woocommerceLogin/Signup PopupSide Cart Woocommerce (Ajax)Waitlist Woocommerce ( Back in stock notifier )
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-26 Oct, 2009 | 17:00
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

Action-Not Available
Vendor-sjoerd_arendsenn/aThe Drupal Association
Product-drupalsimplenews_statisticsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5451
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.13%
||
7 Day CHG~0.00%
Published-23 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 41.92%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 17:09
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes.

Action-Not Available
Vendor-lullabotn/aThe Drupal Association
Product-fivestar_module_for_drupaldrupaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7677
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-3.5||LOW
EPSS-0.13% / 32.74%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF in NetIQ Access Manager (NAM) Identity Server component

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.

Action-Not Available
Vendor-netiqNetIQ
Product-access_managerNetIQ Access Manager (NAM) Admin Console
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5631
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.09%
||
7 Day CHG~0.00%
Published-11 Sep, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators.

Action-Not Available
Vendor-n/aCanon Inc.
Product-pixma_mg7500_series_inkjet_printern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.12%
||
7 Day CHG~0.00%
Published-31 Aug, 2009 | 20:00
Updated-21 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.

Action-Not Available
Vendor-itd-incn/a
Product-bingo\!cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.97%
||
7 Day CHG~0.00%
Published-05 Feb, 2018 | 16:00
Updated-06 Aug, 2024 | 06:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress.

Action-Not Available
Vendor-codestyling_localization_projectn/a
Product-codestyling_localizationn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 41.53%
||
7 Day CHG~0.00%
Published-22 Jun, 2009 | 14:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.

Action-Not Available
Vendor-campusvirtualcomputraden/a
Product-campus_virtual-lmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7634
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.16%
||
7 Day CHG~0.00%
Published-01 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.

Action-Not Available
Vendor-n/aEnalean SAS
Product-tuleapn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.86% / 74.67%
||
7 Day CHG~0.00%
Published-25 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

Action-Not Available
Vendor-cs-cartn/a
Product-cs-cartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 41.53%
||
7 Day CHG~0.00%
Published-19 Jun, 2009 | 17:32
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.

Action-Not Available
Vendor-elvinbtsn/a
Product-elvinbtsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5660
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.08%
||
7 Day CHG~0.00%
Published-16 Oct, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Action-Not Available
Vendor-extplorern/a
Product-extplorern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.44%
||
7 Day CHG~0.00%
Published-15 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wrt160nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.30%
||
7 Day CHG~0.00%
Published-16 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-9598
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.56%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 07:37
Updated-25 Oct, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the logged in user's cookies to their own server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-AMP for WP – Accelerated Mobile Pagesamp_for_wp
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5351
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.74% / 82.19%
||
7 Day CHG-4.36%
Published-25 Feb, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxtomcatubuntu_linuxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5170
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.47%
||
7 Day CHG~0.00%
Published-24 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Cloud Foundry
Product-cloud_foundry_uaacf-releasecloud_foundry_elastic_runtimen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.48%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 05:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.

Action-Not Available
Vendor-joomskyn/a
Product-js_support_ticketn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.61% / 69.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2009 | 17:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

Action-Not Available
Vendor-n/aSquirrelMail
Product-squirrelmailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.84% / 74.40%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.

Action-Not Available
Vendor-wftpservern/a
Product-wing_ftp_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 19.68%
||
7 Day CHG~0.00%
Published-14 Aug, 2009 | 15:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_control_suite_for_linuxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.49%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback.

Action-Not Available
Vendor-cloudwordsn/a
Product-cloudwords_for_multilingualn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4274
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 19:00
Updated-31 Jul, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_intelligence_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-1733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.49%
||
7 Day CHG~0.00%
Published-20 May, 2009 | 19:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unknown vectors.

Action-Not Available
Vendor-richard_ellerbrockn/a
Product-ipplann/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-9454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 68.13%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 18:43
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.

Action-Not Available
Vendor-n/aMetagauss Inc.
Product-registrationmagicn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 81
  • 82
  • Next
Details not found