Total
7810 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15848 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | N/A |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. | ||||
| CVE-2018-15846 | 1 Fledrcms Project | 1 Fledrcms | 2024-11-21 | N/A |
| An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. | ||||
| CVE-2018-15845 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | N/A |
| There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | ||||
| CVE-2018-15844 | 1 Damicms | 1 Damicms | 2024-11-21 | N/A |
| An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | ||||
| CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | N/A |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. | ||||
| CVE-2018-15682 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. | ||||
| CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | ||||
| CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2024-11-21 | N/A |
| A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | ||||
| CVE-2018-15569 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | N/A |
| my little forum 2.4.12 allows CSRF for deletion of users. | ||||
| CVE-2018-15568 | 1 Tp5cms Project | 1 Tp5cms | 2024-11-21 | N/A |
| tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. | ||||
| CVE-2018-15565 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | N/A |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. | ||||
| CVE-2018-15564 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | N/A |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. | ||||
| CVE-2018-15539 | 1 Agentejo | 1 Cockpit | 2024-11-21 | N/A |
| Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. | ||||
| CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
| A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | ||||
| CVE-2018-15206 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A |
| BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | ||||
| CVE-2018-15203 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. | ||||
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2024-11-21 | N/A |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | ||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | ||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | ||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | ||||