Search Results (9397 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14092 1 Trendmicro 1 Scanmail 2025-04-20 N/A
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
CVE-2016-9714 1 Ibm 1 Infosphere Master Data Management Server 2025-04-20 N/A
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727.
CVE-2017-14267 1 Ee 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware 2025-04-20 N/A
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.
CVE-2017-3794 1 Cisco 1 Webex Meetings Server 2025-04-20 N/A
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.
CVE-2017-14683 1 Geminabox Project 1 Geminabox 2025-04-20 8.8 High
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
CVE-2017-9489 2 Cisco, Commscope 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more 2025-04-20 8.8 High
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
CVE-2017-9490 3 Arris, Cisco, Commscope 4 Tg1682g Firmware, Dpc3939b, Dpc3939b Firmware and 1 more 2025-04-20 N/A
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
CVE-2017-1000008 1 Chyrp-lite Project 1 Chyrp Lite 2025-04-20 N/A
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
CVE-2017-9517 1 Atmail 1 Atmail 2025-04-20 N/A
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
CVE-2017-9518 1 Atmail 1 Atmail 2025-04-20 N/A
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
CVE-2017-9519 1 Atmail 1 Atmail 2025-04-20 N/A
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
CVE-2014-9565 1 Ibm 4 En6131, En6131 Firmware, Ib6131 and 1 more 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier.
CVE-2015-0276 1 Kallithea-scm 1 Kallithea 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.
CVE-2017-7423 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.
CVE-2015-4639 1 Koha 1 Koha 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
CVE-2016-2965 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.
CVE-2016-4315 1 Wso2 1 Carbon 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.
CVE-2016-4882 1 Basercms 1 Basercms 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2016-9730 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549.
CVE-2017-1000090 1 Jenkins 1 Role-based Authorization Strategy 2025-04-20 N/A
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.