Total
8021 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | N/A |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. | ||||
| CVE-2018-15682 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. | ||||
| CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | ||||
| CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2024-11-21 | N/A |
| A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | ||||
| CVE-2018-15569 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | N/A |
| my little forum 2.4.12 allows CSRF for deletion of users. | ||||
| CVE-2018-15568 | 1 Tp5cms Project | 1 Tp5cms | 2024-11-21 | N/A |
| tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. | ||||
| CVE-2018-15565 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | N/A |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. | ||||
| CVE-2018-15564 | 1 Simple-cms Project | 1 Simple Cms | 2024-11-21 | N/A |
| An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. | ||||
| CVE-2018-15539 | 1 Agentejo | 1 Cockpit | 2024-11-21 | N/A |
| Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. | ||||
| CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
| A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | ||||
| CVE-2018-15206 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A |
| BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | ||||
| CVE-2018-15203 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. | ||||
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2024-11-21 | N/A |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | ||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | ||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | ||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | ||||
| CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | ||||
| CVE-2018-15186 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | N/A |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | ||||
| CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | N/A |
| In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | ||||
| CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2024-11-21 | N/A |
| An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | ||||