Total
6085 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24982 | 1 Quadbase | 1 Espressdashboard | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account. | |||||
CVE-2020-24922 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file. | |||||
CVE-2020-24847 | 1 Fruitywifi Project | 1 Fruitywifi | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase. | |||||
CVE-2020-24740 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage | |||||
CVE-2020-24739 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted. | |||||
CVE-2020-24570 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. | |||||
CVE-2020-24373 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | |||||
CVE-2020-24271 | 1 Easycms | 1 Easycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | |||||
CVE-2020-24130 | 1 Ponzu-cms | 1 Ponzu | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | |||||
CVE-2020-24033 | 1 Fs | 2 S3900 24t4s, S3900 24t4s Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. | |||||
CVE-2020-23960 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale. | |||||
CVE-2020-23837 | 1 Multi User Project | 1 Multi User | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL. | |||||
CVE-2020-23836 | 1 Oswapp | 1 Warehouse Inventory System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site. | |||||
CVE-2020-23830 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. | |||||
CVE-2020-23824 | 1 Argosoft | 1 Mail Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | |||||
CVE-2020-23686 | 1 Ayacms Project | 1 Ayacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | |||||
CVE-2020-23631 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. | |||||
CVE-2020-23595 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | |||||
CVE-2020-23593 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port. | |||||
CVE-2020-23592 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials. |