Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20580 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241. | |||||
| CVE-2021-20489 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. | |||||
| CVE-2021-20468 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. | |||||
| CVE-2021-20403 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2021-20165 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). | |||||
| CVE-2021-20126 | 1 Draytek | 1 Vigorconnect | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | |||||
| CVE-2021-20120 | 1 Commscope | 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user. | |||||
| CVE-2021-20102 | 1 Machform | 1 Machform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. | |||||
| CVE-2021-20096 | 1 Lucyparsonslabs | 1 Openoversight | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2021-20073 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | |||||
| CVE-2021-1257 | 5 Apple, Cisco, Linux and 2 more | 5 Macos, Dna Center, Linux Kernel and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | |||||
| CVE-2021-1227 | 1 Cisco | 46 Mds 9148s, Mds 9250i, Mds 9706 and 43 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default. | |||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | |||||
| CVE-2020-9394 | 1 Supsystic | 1 Pricing Table By Supsystic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. | |||||
| CVE-2020-9388 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard. | |||||
| CVE-2020-9346 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | |||||
| CVE-2020-9341 | 1 Auieo | 1 Candidats | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | |||||
| CVE-2020-9271 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. | |||||
| CVE-2020-9270 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. | |||||
| CVE-2020-9267 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. | |||||