CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CSRF)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date
Score
Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
951 CVE-2017-2273 352 CSRF 2017-07-21 2017-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
952 CVE-2017-2244 352 CSRF 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
953 CVE-2017-2238 352 CSRF 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
954 CVE-2017-2223 352 CSRF 2017-07-07 2017-07-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
955 CVE-2017-2138 352 CSRF 2017-08-02 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
956 CVE-2017-2102 352 CSRF 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
957 CVE-2017-2097 352 CSRF 2017-04-28 2017-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
958 CVE-2017-2093 200 +Info CSRF 2017-04-28 2017-05-03
4.3
None Remote Medium Not required Partial None None
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
959 CVE-2017-1769 352 CSRF 2018-01-24 2018-02-08
6.8
None Remote Medium Not required Partial Partial Partial
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
960 CVE-2017-1746 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.
961 CVE-2017-1672 352 CSRF 2018-01-04 2018-01-16
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
962 CVE-2017-1631 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
963 CVE-2017-1442 352 CSRF 2017-08-30 2017-09-02
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
964 CVE-2017-1300 352 CSRF 2017-11-01 2017-11-24
6.8
None Remote Medium Not required Partial Partial Partial
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.
965 CVE-2017-1218 352 CSRF 2017-07-19 2017-10-26
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.
966 CVE-2017-1194 352 CSRF 2017-04-28 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
967 CVE-2017-1097 352 CSRF 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
968 CVE-2017-0933 352 +Priv CSRF 2018-03-22 2019-10-09
8.5
None Remote Medium Single system Complete Complete Complete
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.
969 CVE-2017-0362 352 CSRF 2018-04-13 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
970 CVE-2017-0045 352 +Info CSRF 2017-03-16 2017-08-15
4.3
None Remote Medium Not required Partial None None
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."
971 CVE-2016-1000218 352 CSRF 2017-06-16 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.
972 CVE-2016-1000213 352 CSRF 2016-10-25 2017-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Ruckus Wireless H500 web management interface CSRF
973 CVE-2016-10997 352 CSRF 2019-09-20 2019-09-20
4.3
None Remote Medium Not required None Partial None
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
974 CVE-2016-10989 352 CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
975 CVE-2016-10982 352 CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.
976 CVE-2016-10978 352 CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.
977 CVE-2016-10974 352 XSS CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.
978 CVE-2016-10962 352 CSRF 2019-09-16 2019-09-16
4.3
None Remote Medium Not required None Partial None
The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
979 CVE-2016-10959 434 CSRF 2019-09-16 2019-09-16
4.0
None Remote Low Single system None Partial None
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
980 CVE-2016-10946 352 CSRF 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
981 CVE-2016-10945 352 CSRF 2019-09-13 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.
982 CVE-2016-10944 352 CSRF 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
983 CVE-2016-10942 89 Sql CSRF 2019-09-13 2019-09-13
7.5
None Remote Low Not required Partial Partial Partial
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
984 CVE-2016-10941 79 XSS CSRF 2019-09-13 2019-09-13
4.3
None Remote Medium Not required None Partial None
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
985 CVE-2016-10938 352 CSRF 2019-09-13 2019-09-13
4.3
None Remote Medium Not required None Partial None
The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.
986 CVE-2016-10918 352 CSRF 2019-08-22 2019-08-26
6.8
None Remote Medium Not required Partial Partial Partial
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.
987 CVE-2016-10915 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
988 CVE-2016-10914 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
989 CVE-2016-10903 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
990 CVE-2016-10902 352 CSRF 2019-08-21 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
991 CVE-2016-10885 352 CSRF 2019-08-14 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
992 CVE-2016-10884 352 CSRF 2019-08-14 2019-09-06
6.8
None Remote Medium Not required Partial Partial Partial
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
993 CVE-2016-10883 352 CSRF 2019-08-14 2019-08-20
5.8
None Remote Medium Not required None Partial Partial
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
994 CVE-2016-10882 352 CSRF 2019-08-14 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
995 CVE-2016-10876 352 CSRF 2019-08-12 2019-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
996 CVE-2016-10874 352 CSRF 2019-08-12 2019-10-12
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
997 CVE-2016-10865 352 XSS CSRF 2019-08-09 2019-08-15
4.3
None Remote Medium Not required None Partial None
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
998 CVE-2016-10863 352 CSRF 2019-08-08 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
999 CVE-2016-10861 352 CSRF 2019-08-07 2019-08-14
4.3
None Remote Medium Not required None Partial None
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
1000 CVE-2016-10766 352 CSRF 2019-07-29 2019-08-05
6.8
None Remote Medium Not required Partial Partial Partial
edx-platform before 2016-06-06 allows CSRF.
Total number of vulnerabilities: 2521   Page: 20 (this page) of 51
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.