Total
8886 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-10001 | 1 Phpjabbers | 1 Appointment Scheduler | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. | ||||
| CVE-2013-0300 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php. | ||||
| CVE-2015-3950 | 1 Xzeres | 2 442sr, 442sr Os | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request. | ||||
| CVE-2014-7158 | 1 Exinda | 1 Wan Optimization Suite | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch. | ||||
| CVE-2014-4718 | 1 Lunarcms | 1 Lunar Cms | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php. | ||||
| CVE-2014-4717 | 1 Sharethis | 1 Simple Share Buttons Adder | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts. | ||||
| CVE-2013-4562 | 1 Madeofcode | 1 Omniauth-facebook | 2025-04-12 | N/A |
| The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. | ||||
| CVE-2016-2878 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-3850 | 1 Member Approval Plugin Project | 1 Member Approval | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php. | ||||
| CVE-2014-3115 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. | ||||
| CVE-2014-3836 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors. | ||||
| CVE-2014-3061 | 1 Ibm | 1 Emptoris Spend Analysis | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-10027 | 1 Dlink | 2 Dap-1360, Dap-1360 Firmware | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. | ||||
| CVE-2014-3058 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-3024 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users. | ||||
| CVE-2014-2989 | 1 Open Assessment Technologies | 1 Tao | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add. | ||||
| CVE-2013-5748 | 1 Simplerisk | 1 Simplerisk | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action. | ||||
| CVE-2015-5731 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action. | ||||
| CVE-2014-2916 | 1 Phplist | 1 Phplist | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | ||||
| CVE-2014-2838 | 1 Dev4press | 1 Gd Star Rating | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors. | ||||