Vulnerabilities (CVE)

Filtered by CWE-352
Total 6078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6523 1 Portfolio Project 1 Portfolio 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.
CVE-2015-6517 1 Phpliteadmin Project 1 Phpliteadmin 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.
CVE-2015-6493 1 Infinite Automation Systems 1 Mango Automation 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-6468 1 Resource Data Management Data Manager 1 Data Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-6408 1 Cisco 1 Unity Connection 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.
CVE-2015-6405 1 Cisco 1 Emergency Responder 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
CVE-2015-6378 1 Cisco 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.
CVE-2015-6376 1 Cisco 1 Telepresence Video Communication Server Software 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.
CVE-2015-6373 1 Cisco 1 Firepower Extensible Operating System 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.
CVE-2015-6330 1 Cisco 1 Prime Collaboration Assurance 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.
CVE-2015-6304 1 Cisco 1 Telepresence Server Software 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
CVE-2015-6262 1 Cisco 1 Prime Infrastructure 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.
CVE-2015-6007 1 Refbase 1 Refbase 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-5999 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
CVE-2015-5996 1 Mediabridge 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-5991 1 Philippine Long Distance Telephone 4 Kasda Kw58293, Kasda Kw58293 Firmware, Speedsurf 504an and 1 more 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings.
CVE-2015-5990 1 Zyxel 1 Gs1900-10hp Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-5731 1 Wordpress 1 Wordpress 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
CVE-2015-5698 1 Siemens 2 Simatic S7 1200 Cpu, Simatic S7 1200 Cpu Firmware 2024-11-21 7.5 HIGH N/A
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-5686 1 Puppet 1 Puppet Enterprise 2024-11-21 6.8 MEDIUM 8.8 HIGH
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.