Total: 8047 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10237 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. | ||||
CVE-2019-10199 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Openshift Application Runtimes | 2024-11-21 | 8.8 High |
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain. | ||||
CVE-2019-10186 | 1 Moodle | 1 Moodle | 2024-11-21 | 8.8 High |
A flaw was found in Moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | ||||
CVE-2019-10176 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | N/A |
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | ||||
CVE-2019-10057 | 1 Lexmark | 50 Cs31x, Cs31x Firmware, Cs41x and 47 more | 2024-11-21 | N/A |
Various Lexmark products have CSRF. | ||||
CVE-2019-1010112 | 1 Phpcoo | 1 Oecms | 2024-11-21 | N/A |
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3. | ||||
CVE-2019-1010096 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | ||||
CVE-2019-1010095 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page. | ||||
CVE-2019-1010094 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | ||||
CVE-2019-1010054 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A |
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious html to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access malicious urls. | ||||
CVE-2019-1003098 | 1 Jenkins | 1 Openid | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003092 | 1 Jenkins | 1 Nomad | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003090 | 1 Jenkins | 1 Soasta Cloudtest | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003086 | 1 Jenkins | 1 Chef Sinatra | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003084 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003082 | 1 Jenkins | 1 Gearman | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003080 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003078 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003076 | 1 Jenkins | 1 Audit To Database | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
CVE-2019-1003058 | 1 Jenkins | 1 Ftp Publisher | 2024-11-21 | N/A |
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. |