Total: 9103 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20726 | 1 Gilacms | 1 Gila Cms | 2024-12-11 | 8.8 High |
| Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. | ||||
| CVE-2024-41776 | 1 Ibm | 1 Cognos Controller | 2024-12-11 | 6.5 Medium |
| IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-8980 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2024-12-10 | 9.6 Critical |
| The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability. | ||||
| CVE-2024-26271 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2024-12-10 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, and (4) perform other administrative actions via the _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL parameter. | ||||
| CVE-2024-26272 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2024-12-10 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, and (4) perform other administrative actions via the p_l_back_url parameter. | ||||
| CVE-2020-20502 | 1 Yzmcms | 1 Yzmcms | 2024-12-10 | 6.5 Medium |
| A Cross Site Request Forgery vulnerability in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | ||||
| CVE-2020-21252 | 1 Hongcms Project | 1 Hongcms | 2024-12-10 | 8.8 High |
| Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | ||||
| CVE-2020-21366 | 1 Njtech | 1 Greencms | 2024-12-10 | 8 High |
| Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. | ||||
| CVE-2024-5428 | 1 Oretnom23 | 1 Simple Online Bidding System | 2024-12-09 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-266383. | ||||
| CVE-2024-4929 | 1 Oretnom23 | 1 Simple Online Bidding System | 2024-12-09 | 4.3 Medium |
| A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264465 was assigned to this vulnerability. | ||||
| CVE-2022-3372 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2024-12-06 | 8.8 High |
| There is a CSRF vulnerability in Netman-204 version 02.05. An attacker could change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation of the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel and modify parameters that are critical for industrial operations. | ||||
| CVE-2024-48846 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 7.1 High |
| Cross Site Request Forgery vulnerabilities were found that could expose sensitive information or change system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2020-18409 | 1 Catfishcms Project | 1 Catfishcms | 2024-12-05 | 6.8 Medium |
| Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. | ||||
| CVE-2023-34927 | 1 Casbin | 1 Casdoor | 2024-12-04 | 6.5 Medium |
| Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL. | ||||
| CVE-2020-18416 | 1 Jyuu | 1 Jymusic | 2024-12-04 | 6.8 Medium |
| A cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0 allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. | ||||
| CVE-2024-11743 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-12-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2020-18418 | 1 Feifeicms | 1 Feifeicms | 2024-12-04 | 8.8 High |
| A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | ||||
| CVE-2024-11673 | 1 1000projects | 1 Bookstore Management System | 2024-12-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-47879 | 1 Openrefine | 1 Openrefine | 2024-12-04 | 7.6 High |
| OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains at least one row, and the attacker must convince the victim to open a malicious webpage. Version 3.8.3 fixes the issue. | ||||
| CVE-2024-21032 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2024-12-03 | 6.1 Medium |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
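Several entries above share one root cause: a state-changing endpoint (the Netman-204 and Casdoor password changes, the FeiFeiCMS admin insert, the yzCMS token check) accepts a request whose only credential is the session cookie the browser attaches automatically. The following added example, which is not code from any product listed on this page, shows a password-change handler with a token check that can be bypassed by simply omitting the parameter (an illustrative defect, not a claim about how any specific entry above failed) beside a hardened handler that enforces POST, validates the Origin/Referer against an assumed site origin, and requires a per-session synchronizer token compared in constant time. Requests are plain dicts standing in for what a browser would send, and the user store and session table are constructed.

```python
"""CSRF demonstration: a bypassable password-change handler beside a hardened one.
Framework-free; requests are plain dicts so the example runs offline."""
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

SITE_ORIGIN = "https://app.example"  # assumed origin of the site being protected

# Constructed user store and session table. The session also carries the
# synchronizer token that the site's own forms embed in a hidden field.
users = {"alice": {"password": "old-pw"}}
sessions = {"sess-alice": {"user": "alice", "csrf": secrets.token_urlsafe(32)}}


def session_for(request: dict) -> Optional[dict]:
    """Resolve the session from the cookie the browser attached automatically."""
    return sessions.get(request.get("cookies", {}).get("session"))


def referer_origin(referer: Optional[str]) -> Optional[str]:
    """Reduce a Referer URL to its origin (scheme://host[:port])."""
    if not referer:
        return None
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}"


def set_password_vulnerable(request: dict):
    """Weak check: the token is validated only when one is present, so a forged
    request that omits csrf_token is accepted on the strength of the cookie alone."""
    sess = session_for(request)
    if sess is None:
        return 401, "not logged in"
    token = request["form"].get("csrf_token")
    if token is not None and token != sess["csrf"]:
        return 403, "bad csrf token"
    users[sess["user"]]["password"] = request["form"]["new_password"]
    return 200, "password changed"


def set_password_hardened(request: dict):
    """Require POST, a same-origin Origin/Referer, and a per-session token."""
    sess = session_for(request)
    if sess is None:
        return 401, "not logged in"
    if request["method"] != "POST":
        return 405, "state change requires POST"
    # Browsers set Origin on cross-site form posts and scripts cannot override it.
    headers = request["headers"]
    origin = headers.get("Origin") or referer_origin(headers.get("Referer"))
    if origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    # Synchronizer token: mandatory, bound to this session, constant-time compare.
    token = str(request["form"].get("csrf_token", "")).encode()
    if not hmac.compare_digest(token, sess["csrf"].encode()):
        return 403, "missing or bad csrf token"
    users[sess["user"]]["password"] = request["form"]["new_password"]
    return 200, "password changed"


def forged_request() -> dict:
    """What the victim's browser sends when an attacker page auto-submits a form:
    the session cookie rides along, Origin is the attacker's, and no token."""
    return {
        "method": "POST",
        "headers": {"Origin": "https://evil.example"},
        "cookies": {"session": "sess-alice"},
        "form": {"new_password": "attacker-chosen"},
    }


def legitimate_request() -> dict:
    """A post from the site's own form, carrying the session-bound token."""
    return {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN},
        "cookies": {"session": "sess-alice"},
        "form": {"new_password": "new-pw",
                 "csrf_token": sessions["sess-alice"]["csrf"]},
    }


if __name__ == "__main__":
    print("vulnerable, forged:", set_password_vulnerable(forged_request()))
    print("hardened, forged:  ", set_password_hardened(forged_request()))
    print("hardened, legit:   ", set_password_hardened(legitimate_request()))
```

The Origin check alone is not sufficient (some clients and proxies strip the header, and a missing Origin must be treated as a failure, as it is here), and the token check alone is only as good as its "required" semantics; the hardened handler layers both so that a request must be same-origin and carry proof of access to the session's token. Setting the session cookie with `SameSite=Lax` or `Strict` adds a third layer that this framework-free example cannot show.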