Medium
CVE-2014-2665
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended lo…
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 74/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2014-04-20
Medium
CVE-2014-1517
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authent…
2014-04-19
Medium
CVE-2014-1990
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen…
2014-04-17
Medium
CVE-2014-0054
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbit…
2014-04-11
Medium
CVE-2013-2708
Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin…
Medium
CVE-2013-2706
Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change p…
2014-04-10
Medium
CVE-2013-3252
Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators f…
Medium
CVE-2013-3251
Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that chan…
Medium
CVE-2013-2699
Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deac…
Medium
CVE-2013-2693
Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests tha…
Medium
CVE-2012-4921
Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators…
2014-04-04
Medium
CVE-2014-2115
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary u…
2014-04-03
Medium
CVE-2014-2340
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create websit…
2014-04-02
Medium
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL inj…
Medium
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this…
Medium
CVE-2013-4240
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for request…
2014-03-27
Medium
CVE-2013-7346
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via…
Medium
CVE-2013-2559
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged us…
2014-03-25
Medium
CVE-2014-0885
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of…
Medium
CVE-2013-5443
Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authenticat…
2014-03-24
Medium
CVE-2013-1408
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2…
Medium
CVE-2014-0126
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers t…
2014-03-16
Medium
CVE-2014-2249
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attack…
Medium
CVE-2014-0873
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before…
Medium
CVE-2013-4057
Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to…
2014-03-14
Medium
CVE-2013-0301
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that ch…
Medium
CVE-2013-0300
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view vi…
Medium
CVE-2013-0299
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change t…
Medium
CVE-2013-4963
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report,…
Medium
CVE-2013-2086
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
Medium
CVE-2013-2048
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF t…
Medium
CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) bef…
Medium
CVE-2013-6188
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vector…
2014-03-13
Medium
CVE-2013-3729
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection…
High
CVE-2013-3727
SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged us…
2014-03-11
Medium
CVE-2013-2754
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator ac…
Medium
CVE-2012-6290
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leverage…
Medium
CVE-2013-7334
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q…
Medium
CVE-2013-6942
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attack…
2014-03-06
Medium
CVE-2014-0336
Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that u…
2014-02-27
Medium
CVE-2014-0745
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of a…
Medium
CVE-2014-0740
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified C…
2014-02-24
Medium
CVE-2013-6202
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests tha…
2014-02-20
Medium
CVE-2014-0736
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote att…
2014-02-15
Medium
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a pers…
Medium
CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persist…
2014-02-14
Medium
CVE-2014-0813
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
2014-02-11
Medium
CVE-2014-1459
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NO…
2014-02-07
Medium
CVE-2014-1915
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests t…
2014-02-06
Medium
CVE-2013-7320
Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests…
2014-02-04
Medium
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete sc…
Medium
CVE-2014-1694
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/…
Medium
CVE-2013-3098
Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for request…
Medium
CVE-2013-5427
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Pro…
2014-02-01
Medium
CVE-2014-0831
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary us…
2014-01-30
Medium
CVE-2014-0835
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console…
2014-01-29
Medium
CVE-2013-4889
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a…
2014-01-26
Medium
CVE-2013-6429
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitra…
2014-01-23
Medium
CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to rea…
Medium
CVE-2013-4152
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary fi…
Medium
CVE-2013-6443
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destruct…
2014-01-21
Medium
CVE-2013-6922
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrato…
2014-01-20
Medium
CVE-2014-0010
Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allo…
2014-01-17
Medium
CVE-2014-1211
Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
Medium
CVE-2013-7204
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators…
2014-01-16
Medium
CVE-2012-6631
Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts…
Medium
CVE-2012-6629
Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for r…
Medium
CVE-2014-1473
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of use…
2014-01-15
Medium
CVE-2013-7107
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspe…
2014-01-12
Medium
CVE-2013-6028
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user acc…
2014-01-08
Medium
CVE-2014-0621
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that…
2014-01-03
Medium
CVE-2013-7256
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Medium
CVE-2013-6992
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentica…
2014-01-02
Medium
CVE-2013-7251
Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2)…
Medium
CVE-2013-7223
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the…
2013-12-30
Medium
CVE-2013-7209
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the…
Medium
CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of a…
Medium
CVE-2013-5039
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re…
2013-12-23
Medium
CVE-2013-4405
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for uns…
2013-12-21
Medium
CVE-2013-2628
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for un…
2013-12-19
Medium
CVE-2013-6976
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a passwo…
2013-12-17
Medium
CVE-2013-6883
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests…
Medium
CVE-2013-6192
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
2013-12-14
Medium
CVE-2013-6710
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
Medium
CVE-2013-4000
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start o…
2013-12-13
Medium
CVE-2012-5394
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authenti…
2013-12-12
Medium
CVE-2013-2752
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication…
2013-12-10
High
CVE-2013-7043
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of adminis…
2013-12-09
Medium
CVE-2013-5355
Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settin…
2013-12-07
Medium
CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…
2013-11-22
Medium
CVE-2013-6852
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative…
2013-11-21
Medium
CVE-2013-6173
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Ent…
Medium
CVE-2013-5993
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refu…
2013-11-20
Medium
CVE-2013-6826
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site req…
Medium
CVE-2013-5730
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1…
Medium
CVE-2013-3095
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for re…
2013-11-19
Medium
CVE-2013-6797
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication o…
2013-11-18
Medium
CVE-2013-3694
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitr…
Medium
CVE-2013-4555
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the…
2013-11-13
Medium
CVE-2013-6357
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…
2013-11-08
Medium
CVE-2013-4050
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified vic…
2013-11-02
Medium
CVE-2013-6346
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified vic…
2013-11-01
Medium
CVE-2013-5977
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for…
Medium
CVE-2013-2701
Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manip…
2013-10-28
Medium
CVE-2012-0826
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for…
Medium
CVE-2013-6018
Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a p…
2013-10-27
Medium
CVE-2013-4302
(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.…
2013-10-24
Medium
CVE-2013-1734
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers…
Medium
CVE-2013-1733
Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs…
2013-10-17
Medium
CVE-2013-4689
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3…
2013-10-13
Medium
CVE-2013-4056
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows rem…
2013-10-11
Medium
CVE-2013-4306
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authenticat…
2013-10-10
Medium
CVE-2013-0580
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the…
2013-10-09
Medium
CVE-2013-0736
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators f…
2013-10-05
Medium
CVE-2012-4084
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the…
2013-10-04
Medium
CVE-2013-3540
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows…
2013-10-01
Medium
CVE-2013-3963
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, an…
Medium
CVE-2013-3690
Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 a…
Medium
CVE-2013-3539
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and pos…
2013-09-28
Medium
CVE-2013-0598
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the au…