Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9266 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. | |||||
| CVE-2020-9042 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. | |||||
| CVE-2020-9018 | 1 Litecart | 1 Litecart | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. | |||||
| CVE-2020-8985 | 1 Zend | 1 Zendto | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | |||||
| CVE-2020-8976 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2024-11-21 | N/A | 9.6 CRITICAL |
| The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request. | |||||
| CVE-2020-8830 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | |||||
| CVE-2020-8829 | 1 Intelbras | 2 Cip 92200, Cip 92200 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. | |||||
| CVE-2020-8658 | 1 Bestwebsoft | 1 Htaccess | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website. | |||||
| CVE-2020-8615 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 2.6 LOW | 6.5 MEDIUM |
| A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). | |||||
| CVE-2020-8505 | 1 Arox | 1 School Management Software Php\/mysql | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. | |||||
| CVE-2020-8504 | 1 Arox | 1 School Management Software Php\/mysql | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. | |||||
| CVE-2020-8465 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | |||||
| CVE-2020-8461 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | |||||
| CVE-2020-8425 | 1 Cups Easy \(purchase \& Inventory\) Project | 1 Cups Easy \(purchase \& Inventory\) | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php. | |||||
| CVE-2020-8424 | 1 Cups Easy Project | 1 Cups Easy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. | |||||
| CVE-2020-8420 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. | |||||
| CVE-2020-8419 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. | |||||
| CVE-2020-8417 | 1 Codesnippets | 1 Code Snippets | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. | |||||
| CVE-2020-8282 | 1 Ui | 4 Edgemax Edgepower 24v, Edgemax Edgepower 24v Firmware, Edgemax Edgepower 54v and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. | |||||
| CVE-2020-8168 | 1 Ui | 51 Ag-hp-2g16, Ag-hp-2g20, Ag-hp-5g23 and 48 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page. | |||||