Vulnerabilities (CVE)

Filtered by CWE-352
Total 6075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0895 1 Tips And Tricks Hq 1 All In One Wordpress Security And Firewall 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
CVE-2015-0807 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-11-21 6.8 MEDIUM N/A
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
CVE-2015-0759 1 Cisco 1 Headend Digital Broadband Delivery System 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-0741 1 Cisco 1 Hosted Collaboration Solution 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.
CVE-2015-0740 1 Cisco 1 Unified Intelligence Center 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.
CVE-2015-0736 1 Cisco 1 Mediasense 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728.
CVE-2015-0735 1 Cisco 1 Unified Customer Voice Portal 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.
CVE-2015-0716 1 Cisco 1 Unity Connection 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.
CVE-2015-0705 1 Cisco 1 Unified Meetingplace 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494.
CVE-2015-0704 1 Cisco 1 Unified Meetingplace 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884.
CVE-2015-0700 1 Cisco 1 Secure Access Control Server Solution Engine 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.
CVE-2015-0651 1 Cisco 1 Application Networking Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.
CVE-2015-0596 1 Cisco 1 Webex Meetings Server 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163.
CVE-2015-0588 1 Cisco 1 Unified Communications Domain Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055.
CVE-2015-0542 1 Emc 1 Rsa Archer Egrc 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
CVE-2015-0541 1 Rsa 1 Web Threat Detection 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-0276 1 Kallithea-scm 1 Kallithea 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.
CVE-2015-0218 1 Moodle 1 Moodle 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
CVE-2015-0213 1 Moodle 1 Moodle 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.
CVE-2015-0151 1 Dlink 2 Dir-815, Dir-815 Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.