Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36513

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-06 Jun, 2025 | 04:29
Updated At-06 Jun, 2025 | 14:07
Rejected At-
Credits

Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:06 Jun, 2025 | 04:29
Updated At:06 Jun, 2025 | 14:07
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.

Affected Products
Vendor
i-PRO Co., Ltd.
Product
Surveillance cameras provided by i-PRO Co., Ltd.
Versions
Affected
  • see the information provided by the vendor
Problem Types
TypeCWE IDDescription
CWECWE-352Cross-site request forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: Cross-site request forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories
N/A
https://jvn.jp/en/jp/JVN10964289/
N/A
Hyperlink: https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN10964289/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:06 Jun, 2025 | 05:15
Updated At:06 Jun, 2025 | 14:07

Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryvultures@jpcert.or.jp
CWE ID: CWE-352
Type: Primary
Source: vultures@jpcert.or.jp
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisoriesvultures@jpcert.or.jp
N/A
https://jvn.jp/en/jp/JVN10964289/vultures@jpcert.or.jp
N/A
Hyperlink: https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN10964289/
Source: vultures@jpcert.or.jp
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

225Records found
CVE-2017-7491
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.32%
||
7 Day CHG~0.00%
Published-15 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle 2.x and 3.x
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.56%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.

Action-Not Available
Vendor-bigtreecmsn/a
Product-bigtree_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6915
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.56%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.

Action-Not Available
Vendor-bigtreecmsn/a
Product-bigtree_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6916
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.56%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.

Action-Not Available
Vendor-bigtreecmsn/a
Product-bigtree_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4594
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.00%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 14:31
Updated-15 Jan, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS sys_safe.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4588
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 13:00
Updated-15 Jan, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS mytag_add.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-16862
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.68%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4167
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:30
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.

Action-Not Available
Vendor-IBM Corporation
Product-storediqStoredIQ
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-10025
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.71%
||
7 Day CHG~0.00%
Published-08 Apr, 2023 | 17:00
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery

A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The patch is identified as d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-exit_strategy_projectn/a
Product-exit_strategyExit Strategy Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-10029
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.71%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 21:00
Updated-22 Nov, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exit Box Lite Plugin wordpress-exit-box-lite.php exitboxadmin cross-site request forgery

A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671.

Action-Not Available
Vendor-angrybten/a
Product-wordpress_exit_box_liteExit Box Lite Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4015
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.18%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 10:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4142
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.94%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 14:30
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4049
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.24%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 10:40
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-live_helper_chatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4726
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 15:55
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3931
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in snipe/snipe-it

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-snipeitappsnipe
Product-snipe-itsnipe/snipe-it
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38886
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.87%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 16:30
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4515
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 13:50
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3900
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.15%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 17:45
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4117
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.21%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:25
Updated-17 Sep, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_privateCloud Private
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4212
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.60%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 14:30
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10010
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 05:31
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery

A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The identifier of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability.

Action-Not Available
Vendor-BestWebSoft
Product-contact_formContact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10017
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.85%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 10:00
Updated-21 Nov, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Portfolio Plugin cross-site request forgery

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.

Action-Not Available
Vendor-BestWebSoft
Product-portfolioPortfolio Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10015
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.71%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 23:31
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery

A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The patch is identified as a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-BestWebSoft
Product-twitterTwitter Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10012
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 23:31
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery

A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355.

Action-Not Available
Vendor-BestWebSoft
Product-facebook_buttonFacebook Like Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29816
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29757
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_user_behavior_analyticsQRadar User Behavior Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29837
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3143
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 00:00
Updated-15 Jan, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS member_rank.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/member_rank.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3151
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 17:00
Updated-27 Jun, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery

A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258924. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-bdtaskBdtaskbdtask
Product-m-storeMulti-Store Inventory Management Systemmulti_store_inventory_management_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4231
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:25
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3146
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.07%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:31
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_rss_action.php cross-site request forgery

A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3147
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:31
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_map.php cross-site request forgery

A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3144
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:00
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_spec.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2820
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 16:00
Updated-15 Jan, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS baidunews.php cross-site request forgery

A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2817
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 08:00
Updated-10 Apr, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15ac15
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2816
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 07:31
Updated-21 Aug, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery

A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15ac15_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2823
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 16.95%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 17:00
Updated-10 Apr, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS mda_main.php cross-site request forgery

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2821
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.38%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 16:00
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS friendlink_edit.php cross-site request forgery

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4454
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 09:26
Updated-03 Oct, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in wallabag/wallabag

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.

Action-Not Available
Vendor-wallabagwallabagwallabag
Product-wallabagwallabag/wallabagwallabag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2559
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 09:31
Updated-27 Jan, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC18 SysToolReboot fromSysToolReboot cross-site request forgery

A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac18ac18_firmwareAC18
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2560
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.98%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 10:31
Updated-22 Jan, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery

A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac18ac18_firmwareAC18ac18_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2354
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-10 Mar, 2024 | 11:00
Updated-21 Aug, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dreamer CMS toEdit cross-site request forgery

A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Dreamerdreamer_cms_project
Product-CMSdreamer_cms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2316
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 11:31
Updated-24 Mar, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bdtask Hospital AutoManager Update Bill Page cross-site request forgery

A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-bdtaskBdtask
Product-hospital_automanagerHospital AutoManager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2277
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 25.29%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:00
Updated-12 Mar, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery

A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-bdtaskBdtaskbdtask
Product-g-prescription_gynaecology_\&_obs_consultationG-Prescription Gynaecology & OBS Consultation Softwareg-prescription_gynaecology_\&_obs_consultation_software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4613
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.50%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 15:20
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4750
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 15:50
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 173310.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_app_managementCloud App Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13203
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.34%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 02:00
Updated-02 Jul, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kurniaramadhan E-Commerce-PHP cross-site request forgery

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kurniaramadhankurniaramadhan
Product-e-commerce-phpE-Commerce-PHP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2021-20580
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 15:50
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4736
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:25
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-12349
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.05%
||
7 Day CHG-0.00%
Published-09 Dec, 2024 | 00:00
Updated-11 Dec, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JFinalCMS save cross-site request forgery

A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-jwillbern/ajfinalcms_project
Product-jfinalcmsJFinalCMSjfinalcms
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found