Total: 6081 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10166 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-10137 | 1 Iscripts | 1 Uberforx | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | |||||
CVE-2018-10132 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. | |||||
CVE-2018-10127 | 1 Xyhcms Project | 1 Xyhcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role. | |||||
CVE-2018-10117 | 1 Icmsdev | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. | |||||
CVE-2018-10099 | 1 Google | 1 Monorail | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | |||||
CVE-2018-10048 | 1 Iscripts | 1 Eswap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. | |||||
CVE-2018-10031 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. | |||||
CVE-2018-10030 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | |||||
CVE-2018-1002103 | 1 Kubernetes | 1 Minikube | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard and create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. | |||||
CVE-2018-1000858 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
GnuPG versions 2.1.12 - 2.2.11 contain a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060. | |||||
CVE-2018-1000846 | 1 Freshdns Project | 1 Freshdns | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
FreshDNS version 1.0.3 and earlier contains a Cross Site Request Forgery (CSRF) vulnerability in all (authenticated) API calls in index.php / class.manager.php that can result in editing of domains and zones with the victim's privileges. This attack appears to be exploitable when the victim opens a website containing the attacker's JavaScript. This vulnerability appears to have been fixed in 1.0.5 and later. | |||||
CVE-2018-1000843 | 1 Spotify | 1 Luigi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross Site Request Forgery (CSRF) vulnerability in the API endpoint /api/<method> that can result in task metadata such as task name, id, parameter, etc. being leaked to unauthorized users. This attack appears to be exploitable when the victim visits a specially crafted webpage from the network where their Luigi server is accessible. This vulnerability appears to have been fixed in 2.8.0 and later. | |||||
CVE-2018-1000669 | 1 Koha | 1 Koha | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can allow attackers to mark payments as paid for certain users on behalf of administrators. This attack appears to be exploitable when the victim is socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. | |||||
CVE-2018-1000514 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can result in admins being made to delete boxes via CSRF. This vulnerability appears to have been fixed in 3.6.x. | |||||
CVE-2018-1000507 | 1 Jjj | 1 Wp User Groups | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that allows anybody to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1. | |||||
CVE-2018-1000506 | 1 Mediaron | 1 Metronet Tag Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that allows anybody to do almost anything an admin can. This attack appears to be exploitable when a logged-in user follows a link. This vulnerability appears to have been fixed in 1.2.9. | |||||
CVE-2018-1000505 | 1 Tooltipy | 1 Tooltipy | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that could allow anybody to duplicate posts. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been fixed in 5.1. | |||||
CVE-2018-1000417 | 1 Jenkins | 1 Email Extension Template | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. | |||||
CVE-2018-1000414 | 1 Jenkins | 1 Config File Provider | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions. |