Export limit exceeded: 12021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10307 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5809 1 Schneider-electric 6 Ion5000, Ion7300, Ion7500 and 3 more 2025-04-20 N/A
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
CVE-2016-6806 1 Apache 1 Wicket 2025-04-20 N/A
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.
CVE-2017-7557 1 Powerdns 1 Dnsdist 2025-04-20 N/A
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
CVE-2017-16570 1 Keystonejs 1 Keystone 2025-04-20 N/A
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
CVE-2017-8836 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.
CVE-2017-17891 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2025-04-20 N/A
Readymade Video Sharing Script has CSRF via user-profile-edit.php.
CVE-2017-17982 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
CVE-2017-17903 1 Fortunescripts 1 Lynda Clone 2025-04-20 N/A
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
CVE-2017-16565 1 Grandstream 2 Ht802, Ht802 Firmware 2025-04-20 N/A
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
CVE-2017-16563 1 Grandstream 2 Ht802, Ht802 Firmware 2025-04-20 N/A
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
CVE-2017-14048 1 Blackcat-cms 1 Blackcat Cms 2025-04-20 N/A
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.
CVE-2017-12703 1 Westermo 8 Mrd-305-din, Mrd-305-din Firmware, Mrd-315-din and 5 more 2025-04-20 N/A
A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server.
CVE-2017-7431 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
CVE-2014-9136 1 Huawei 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more 2025-04-20 N/A
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
CVE-2017-7556 1 Hawt 1 Hawtio 2025-04-20 N/A
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
CVE-2015-5170 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2025-04-20 8.8 High
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
CVE-2017-7571 1 Ladybirdweb 1 Faveo Helpdesk 2025-04-20 8.0 High
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
CVE-2017-16244 1 Octobercms 1 October 2025-04-20 N/A
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVE-2017-6080 1 Zammad 1 Zammad 2025-04-20 N/A
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
CVE-2017-4998 1 Emc 1 Rsa Archer Egrc 2025-04-20 N/A
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.