Total: 6081 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-11447 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2018-11445 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
CVE-2018-11442 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
CVE-2018-11427 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.
CVE-2018-11406 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
CVE-2018-11405 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
CVE-2018-11371 | 1 Skycaiji | 1 Skycaiji | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | SkyCaiji 1.2 allows CSRF to add an Administrator user.
CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.
CVE-2018-11127 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | e107 2.1.7 has CSRF resulting in arbitrary user deletion.
CVE-2018-11126 | 1 Doorgets | 1 Doorgets | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
CVE-2018-11096 | 1 Horse Market Sell & Rent Portal Project | 1 Horse Market Sell & Rent Portal | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
CVE-2018-11092 | 1 Admin Notes Project | 1 Admin Notes | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM | An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
CVE-2018-11018 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
CVE-2018-11004 | 1 Sdcms | 1 Sdcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.
CVE-2018-11003 | 1 Yxcms | 1 Yxcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.
CVE-2018-10986 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | OX Guard 2.8.0 has CSRF.
CVE-2018-10957 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
CVE-2018-10899 | 2 Jolokia, Redhat | 2 Jolokia, Openstack | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
CVE-2018-10895 | 1 Qutebrowser | 1 Qutebrowser | 2024-11-21 | 6.8 MEDIUM | 9.3 CRITICAL | qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.
CVE-2018-10884 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.