Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20848 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | |||||
| CVE-2018-20816 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. | |||||
| CVE-2018-20780 | 1 Traq | 1 Traq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | |||||
| CVE-2018-20728 | 1 Nedi | 1 Nedi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. | |||||
| CVE-2018-20648 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | |||||
| CVE-2018-20644 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | |||||
| CVE-2018-20641 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | |||||
| CVE-2018-20633 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | |||||
| CVE-2018-20613 | 1 Temmoku Project | 1 Temmoku | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| TEMMOKU T1.09 Beta allows admin/user/add CSRF. | |||||
| CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | |||||
| CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | |||||
| CVE-2018-20598 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 has ?do=user_addpost CSRF. | |||||
| CVE-2018-20595 | 1 Hsweb | 1 Hsweb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | |||||
| CVE-2018-20582 | 1 Gree | 1 Gree\+ | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery. | |||||
| CVE-2018-20577 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
| Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2018-20576 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2018-20419 | 1 Douco | 1 Douphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | |||||
| CVE-2018-20231 | 1 Simbahosting | 1 Two-factor-authentication | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | |||||
| CVE-2018-20228 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | |||||
| CVE-2018-20188 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | |||||