Total: 8545 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7005 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 8.8 High |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-6849 | 1 Hutchhouse | 1 Marketo Forms And Tracking | 2024-11-21 | 8.8 High |
| The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. | ||||
| CVE-2020-6844 | 1 Topmanage | 1 Olk Webstore | 2024-11-21 | 8.8 High |
| In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts. | ||||
| CVE-2020-6776 | 1 Bosch | 4 Praesensa, Praesensa Firmware, Praesideo and 1 more | 2024-11-21 | 8.8 High |
| A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or submitting a malicious form. A successful exploit allows the attacker to perform arbitrary actions with the privileges of the victim, e.g. creating and modifying user accounts, changing system configuration settings and causing DoS conditions. Note: For Bosch PRAESIDEO 4.31 and newer and Bosch PRAESENSA in all versions, the confidentiality impact is considered low because user credentials are not shown in the web interface. | ||||
| CVE-2020-6585 | 1 Nagios | 1 Nagios | 2024-11-21 | 8.8 High |
| Nagios Log Server 2.1.3 has CSRF. | ||||
| CVE-2020-6289 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 8.8 High |
| SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick a user into browsing a malicious site. | ||||
| CVE-2020-6206 | 1 Sap | 1 Cloud Platform Integration | 2024-11-21 | 4.3 Medium |
| SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery. | ||||
| CVE-2020-6167 | 1 Webfactoryltd | 1 Minimal Coming Soon & Maintenance Mode | 2024-11-21 | 8.8 High |
| A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. | ||||
| CVE-2020-5928 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 3.1 Low |
| In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. | ||||
| CVE-2020-5922 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 8.8 High |
| In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. | ||||
| CVE-2020-5904 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 8.8 High |
| In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. | ||||
| CVE-2020-5900 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 8.8 High |
| In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. | ||||
| CVE-2020-5790 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5786 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5783 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 5.4 Medium |
| In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. | ||||
| CVE-2020-5776 | 1 Magmi Project | 1 Magmi | 2024-11-21 | 8.8 High |
| Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. | ||||
| CVE-2020-5770 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5767 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5745 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 7.4 High |
| Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5642 | 1 Onwebchat | 1 Live Chat - Live Support | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||