CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CSRF)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1151 | CVE-2016-0355 | 352 | | CSRF | 2017-08-29 | 2017-09-06 | 4.0 | None | Remote | Low | Single system | None | None | Partial | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. |
| 1152 | CVE-2016-0348 | 352 | | XSS CSRF | 2018-02-21 | 2018-03-09 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. |
| 1153 | CVE-2016-0335 | 352 | | CSRF | 2018-01-12 | 2018-01-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. |
| 1154 | CVE-2016-0295 | 352 | | XSS CSRF | 2018-02-28 | 2018-03-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. |
| 1155 | CVE-2016-0272 | 352 | | CSRF | 2018-03-09 | 2018-03-26 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052. |
| 1156 | CVE-2015-9458 | 89 | | Sql CSRF | 2019-10-10 | 2019-10-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. |
| 1157 | CVE-2015-9455 | 352 | | Dir. Trav. CSRF | 2019-10-07 | 2019-10-10 | 7.8 | None | Remote | Medium | Not required | None | Partial | Complete | The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. |
| 1158 | CVE-2015-9447 | 352 | | Sql CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. |
| 1159 | CVE-2015-9445 | 352 | | Sql CSRF | 2019-09-26 | 2019-09-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. |
| 1160 | CVE-2015-9443 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. |
| 1161 | CVE-2015-9442 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. |
| 1162 | CVE-2015-9441 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. |
| 1163 | CVE-2015-9440 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. |
| 1164 | CVE-2015-9439 | 79 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. |
| 1165 | CVE-2015-9437 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. |
| 1166 | CVE-2015-9434 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. |
| 1167 | CVE-2015-9433 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. |
| 1168 | CVE-2015-9432 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. |
| 1169 | CVE-2015-9431 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. |
| 1170 | CVE-2015-9429 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. |
| 1171 | CVE-2015-9428 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. |
| 1172 | CVE-2015-9427 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. |
| 1173 | CVE-2015-9426 | 79 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. |
| 1174 | CVE-2015-9425 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. |
| 1175 | CVE-2015-9424 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. |
| 1176 | CVE-2015-9422 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. |
| 1177 | CVE-2015-9421 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. |
| 1178 | CVE-2015-9418 | 352 | | CSRF | 2019-09-25 | 2019-09-27 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. |
| 1179 | CVE-2015-9417 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. |
| 1180 | CVE-2015-9413 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. |
| 1181 | CVE-2015-9409 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. |
| 1182 | CVE-2015-9408 | 352 | | XSS CSRF | 2019-09-20 | 2019-09-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. |
| 1183 | CVE-2015-9394 | 352 | | CSRF | 2019-09-20 | 2019-09-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. |
| 1184 | CVE-2015-9388 | 352 | | XSS CSRF | 2019-09-20 | 2019-09-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. |
| 1185 | CVE-2015-9387 | 352 | | CSRF | 2019-09-20 | 2019-09-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. |
| 1186 | CVE-2015-9380 | 352 | | CSRF | 2019-08-30 | 2019-09-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The photo-gallery plugin before 1.2.42 for WordPress has CSRF. |
| 1187 | CVE-2015-9343 | 352 | | CSRF | 2019-08-27 | 2019-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. |
| 1188 | CVE-2015-9332 | 352 | | CSRF | 2019-08-20 | 2019-08-22 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. |
| 1189 | CVE-2015-9322 | 352 | | CSRF | 2019-08-16 | 2019-08-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. |
| 1190 | CVE-2015-9309 | 352 | | CSRF | 2019-08-14 | 2019-08-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. |
| 1191 | CVE-2015-9308 | 352 | | CSRF | 2019-08-14 | 2019-08-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. |
| 1192 | CVE-2015-9307 | 352 | | CSRF | 2019-08-14 | 2019-08-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. |
| 1193 | CVE-2015-9292 | 352 | | CSRF | 2019-08-08 | 2019-08-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). |
| 1194 | CVE-2015-9284 | 352 | | CSRF | 2019-04-26 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. |
| 1195 | CVE-2015-9233 | 352 | | XSS CSRF | 2017-09-29 | 2017-10-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. |
| 1196 | CVE-2015-8814 | 352 | | Bypass CSRF | 2017-03-03 | 2017-03-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file. |
| 1197 | CVE-2015-8624 | 352 | | Bypass CSRF | 2017-03-23 | 2017-03-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. |
| 1198 | CVE-2015-8623 | 352 | | Bypass CSRF | 2017-03-23 | 2017-03-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624. |
| 1199 | CVE-2015-8563 | 352 | | CSRF | 2015-12-16 | 2015-12-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| 1200 | CVE-2015-8487 | 200 | | +Info CSRF | 2016-02-16 | 2016-02-22 | 2.6 | None | Remote | High | Not required | Partial | None | None | Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. |
Total number of vulnerabilities: 2521. This is page 24 of 51.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.