Total
7923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17566 | 3 Apache, Oracle, Redhat | 21 Batik, Api Gateway, Business Intelligence and 18 more | 2024-11-21 | 7.5 High |
| Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | ||||
| CVE-2019-17521 | 1 Landing-cms Project | 1 Landing-cms | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI, | ||||
| CVE-2019-17495 | 2 Oracle, Smartbear | 6 Banking Apis, Banking Digital Experience, Banking Platform and 3 more | 2024-11-21 | 9.8 Critical |
| A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method. | ||||
| CVE-2019-17432 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 6.5 Medium |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. | ||||
| CVE-2019-17431 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 8.8 High |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. | ||||
| CVE-2019-17386 | 1 Eleopard | 1 Animate It\! | 2024-11-21 | 8.8 High |
| The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. | ||||
| CVE-2019-17369 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.5 Medium |
| OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. | ||||
| CVE-2019-17367 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 8.8 High |
| OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. | ||||
| CVE-2019-17237 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 8.8 High |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | ||||
| CVE-2019-17217 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service. | ||||
| CVE-2019-17118 | 1 Wikidsystems | 1 2fa Enterprise Server | 2024-11-21 | 8.8 High |
| A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices. | ||||
| CVE-2019-16993 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 8.8 High |
| In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. | ||||
| CVE-2019-16752 | 3 Dash, Officialdapscoin, Pivx | 3 Dash Core, Decentralized Anonymous Payment System, Private Instant Verified Transactions | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0. | ||||
| CVE-2019-16721 | 1 5none | 1 Nonecms | 2024-11-21 | 6.5 Medium |
| NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | ||||
| CVE-2019-16719 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 6.5 Medium |
| WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | ||||
| CVE-2019-16706 | 1 Kkcms Project | 1 Kkcms | 2024-11-21 | 8.8 High |
| kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | ||||
| CVE-2019-16678 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.5 Medium |
| admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | ||||
| CVE-2019-16677 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.5 Medium |
| An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | ||||
| CVE-2019-16667 | 1 Netgate | 1 Pfsense | 2024-11-21 | 8.8 High |
| diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | ||||
| CVE-2019-16660 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 8.8 High |
| joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | ||||