Search Results (9439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31294 1 Razormist 1 Online Discussion Forum Site 2025-04-22 6.5 Medium
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.
CVE-2021-46027 1 Wangl1989 1 Mysiteforme 2025-04-22 6.5 Medium
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added
CVE-2022-41263 1 Sap 1 Business Objects Business Intelligence Platform 2025-04-22 4.3 Medium
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.
CVE-2022-46074 1 Helmet Store Showroom Project 1 Helmet Store Showroom 2025-04-22 8.8 High
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.
CVE-2022-46062 1 Gym Management System Project 1 Gym Management System 2025-04-22 4.5 Medium
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2024-42612 2 Pigg, Pligg 2 Cms, Pligg Cms 2025-04-21 8.8 High
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add
CVE-2024-42619 2 Kliqqi, Pligg 2 Kliqqi Cms, Pligg Cms 2025-04-21 8.8 High
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
CVE-2022-30694 1 Siemens 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more 2025-04-21 6.5 Medium
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
CVE-2017-9062 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
CVE-2012-4568 1 Letodms Project 1 Letodms 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2017-9518 1 Atmail 1 Atmail 2025-04-20 N/A
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
CVE-2017-9519 1 Atmail 1 Atmail 2025-04-20 N/A
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
CVE-2017-5489 1 Wordpress 1 Wordpress 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
CVE-2017-16244 1 Octobercms 1 October 2025-04-20 N/A
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVE-2014-9136 1 Huawei 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more 2025-04-20 N/A
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
CVE-2017-8138 1 Huawei 1 Hedex Lite 2025-04-20 N/A
HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.
CVE-2015-4639 1 Koha 1 Koha 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
CVE-2017-6756 1 Cisco 1 Prime Collaboration Provisioning 2025-04-20 N/A
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280.
CVE-2017-8101 1 S9y 1 Serendipity 2025-04-20 N/A
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVE-2017-8100 1 Artistscope 1 Copysafe Web Protection 2025-04-20 N/A
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.