Total
9127 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000008 | 1 Chyrp-lite Project | 1 Chyrp Lite | 2025-04-20 | N/A |
| Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. | ||||
| CVE-2016-7980 | 1 Spip | 1 Spip | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. | ||||
| CVE-2017-6411 | 1 Dlink | 2 Dsl-2730u, Dsl-2730u Firmware | 2025-04-20 | N/A |
| Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | ||||
| CVE-2016-9714 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | N/A |
| IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. | ||||
| CVE-2017-9033 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. | ||||
| CVE-2017-8928 | 1 Mailcow | 1 Mailcow\ | 2025-04-20 | 8.8 High |
| mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | ||||
| CVE-2016-5937 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2017-12881 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | ||||
| CVE-2017-14530 | 1 Crony Cronjob Manager Project | 1 Crony Cronjob Manager | 2025-04-20 | 8.0 High |
| WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | ||||
| CVE-2017-16570 | 1 Keystonejs | 1 Keystone | 2025-04-20 | N/A |
| KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. | ||||
| CVE-2016-9991 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2025-04-20 | N/A |
| IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. | ||||
| CVE-2016-9218 | 1 Cisco | 1 Hybrid Meeting Server | 2025-04-20 | N/A |
| A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0. | ||||
| CVE-2017-17894 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | N/A |
| Readymade Job Site Script has CSRF via the /job URI. | ||||
| CVE-2017-5145 | 1 Carlosgavazzi | 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | ||||
| CVE-2017-6328 | 1 Symantec | 1 Message Gateway | 2025-04-20 | N/A |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. | ||||
| CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | N/A |
| Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | ||||
| CVE-2016-8201 | 1 Brocade | 1 Virtual Traffic Manager | 2025-04-20 | N/A |
| A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | ||||
| CVE-2017-1000069 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2025-04-20 | N/A |
| CSRF in Bitly oauth2_proxy 2.1 during authentication flow | ||||
| CVE-2017-12970 | 1 Apache2triad | 1 Apache2triad | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. | ||||
| CVE-2017-9519 | 1 Atmail | 1 Atmail | 2025-04-20 | N/A |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | ||||