Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12273 | 1 Outsystems | 1 Outsystems | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists | |||||
| CVE-2019-12253 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting. | |||||
| CVE-2019-12246 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | |||||
| CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | |||||
| CVE-2019-12095 | 1 Horde | 1 Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. | |||||
| CVE-2019-11886 | 1 Yellowpencil | 1 Visual Css Style Editor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access. | |||||
| CVE-2019-11712 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-11657 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack. | |||||
| CVE-2019-11617 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification. | |||||
| CVE-2019-11591 | 1 Web-dorado | 1 Contact Form | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-11590 | 1 10web | 1 Form Maker | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-11588 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-11587 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | |||||
| CVE-2019-11586 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-11569 | 1 Veeam | 1 One Reporter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Veeam ONE Reporter 9.5.0.3201 allows CSRF. | |||||
| CVE-2019-11557 | 1 Web-dorado | 1 Wp Form Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-11517 | 1 Wampserver | 1 Wampserver | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner. | |||||
| CVE-2019-11457 | 1 Micropyramid | 1 Django Crm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/. | |||||
| CVE-2019-11456 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. | |||||
| CVE-2019-11416 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. | |||||