ByteOS Network

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35557

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.5||MEDIUM

EPSS-0.10% / 28.24%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-13 Feb, 2025 | 15:58

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35559

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.21% / 43.20%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-13 Feb, 2025 | 15:58

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35012

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.3||MEDIUM

EPSS-0.16% / 37.08%

7 Day CHG~0.00%

Published-14 May, 2024 | 13:58

Updated-15 Apr, 2025 | 17:03

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39022

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.15% / 36.70%

7 Day CHG~0.00%

Published-05 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35109

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 14.82%

7 Day CHG~0.00%

Published-15 May, 2024 | 02:03

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39119

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.16% / 37.62%

7 Day CHG~0.00%

Published-02 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39157

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-3.8||LOW

EPSS-0.06% / 19.57%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39154

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.10% / 28.84%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39153

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-4.7||MEDIUM

EPSS-0.04% / 13.06%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35009

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.34% / 55.85%

7 Day CHG~0.00%

Published-14 May, 2024 | 13:58

Updated-15 Apr, 2025 | 16:57

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39158

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.15% / 35.65%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39156

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-3.8||LOW

EPSS-0.06% / 19.57%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35108

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.11% / 30.09%

7 Day CHG~0.00%

Published-15 May, 2024 | 02:03

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-33830

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.1||HIGH

EPSS-0.18% / 39.24%

7 Day CHG~0.00%

Published-06 May, 2024 | 00:00

Updated-15 Apr, 2025 | 16:57

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35039

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-3.8||LOW

EPSS-0.14% / 34.79%

7 Day CHG~0.00%

Published-16 May, 2024 | 14:29

Updated-15 Apr, 2025 | 17:03

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35551

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.12% / 32.42%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-25 Mar, 2025 | 16:15

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-34958

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-2.08% / 83.26%

7 Day CHG~0.00%

Published-16 May, 2024 | 14:32

Updated-15 Apr, 2025 | 17:03

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35554

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.19% / 40.57%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-26 Mar, 2025 | 16:15

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-33829

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 30.01%

7 Day CHG~0.00%

Published-06 May, 2024 | 00:00

Updated-15 Apr, 2025 | 16:57

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.

Vendor-idccms n/a idccms_project

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-4172

Matching Score-6

Assigner-VulDB

View Details

Matching Score-6

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.11% / 29.59%

7 Day CHG-0.00%

Published-25 Apr, 2024 | 14:00

Updated-01 Aug, 2024 | 20:33

idcCMS cross-site request forgery

A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.

Vendor-n/a idccms_project

Product-idcCMS idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-3971

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.4||MEDIUM

EPSS-0.14% / 35.38%

7 Day CHG~0.00%

Published-14 Jun, 2024 | 06:00

Updated-13 Mar, 2025 | 22:15

Similarity <= 3.0 - Plugin Reset via CSRF

The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack

Vendor-davidjmiller Unknown

Product-similarity Similarity

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-2375

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.4||MEDIUM

EPSS-0.20% / 42.37%

7 Day CHG+0.02%

Published-22 Aug, 2022 | 15:01

Updated-03 Aug, 2024 | 00:32

WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues

Vendor-okapitech Unknown

Product-wp_sticky_button WP Sticky Button – Click to Chat

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-42625

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.06% / 17.79%

7 Day CHG~0.00%

Published-12 Aug, 2024 | 00:00

Updated-13 Aug, 2024 | 17:37

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add

Vendor-frogcms_project n/a frogcms_project

Product-frogcms n/a frogcms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35561

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs