Total
6085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | |||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | |||||
| CVE-2020-20595 | 1 Opms Project | 1 Opms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. | |||||
| CVE-2020-20593 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. | |||||
| CVE-2020-20586 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM |
| A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. | |||||
| CVE-2020-20514 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | |||||
| CVE-2020-20502 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | |||||
| CVE-2020-20468 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. | |||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | |||||
| CVE-2020-1977 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. | |||||
| CVE-2020-1103 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | |||||
| CVE-2020-19964 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | |||||
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | |||||
| CVE-2020-19889 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. | |||||
| CVE-2020-19886 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. | |||||
| CVE-2020-19803 | 1 Doyocms Project | 1 Doyocms | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings. | |||||
| CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. | |||||
| CVE-2020-19669 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | |||||
| CVE-2020-19639 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. | |||||
| CVE-2020-19280 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. | |||||