Search Results (9400 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5528 1 Tibco 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics 2025-04-20 8.8 High
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).
CVE-2017-9489 2 Cisco, Commscope 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more 2025-04-20 8.8 High
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
CVE-2017-9490 3 Arris, Cisco, Commscope 4 Tg1682g Firmware, Dpc3939b, Dpc3939b Firmware and 1 more 2025-04-20 N/A
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
CVE-2017-17830 1 Doditsolutions 1 Bus Booking Script 2025-04-20 N/A
Bus Booking Script has CSRF via admin/new_master.php.
CVE-2017-1000244 1 Jenkins 1 Favorite 2025-04-20 N/A
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
CVE-2017-15729 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
CVE-2017-4998 1 Emc 1 Rsa Archer Egrc 2025-04-20 N/A
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.
CVE-2017-17936 1 Vanguard Project 1 Marketplace Digital Products Php 2025-04-20 N/A
Vanguard Marketplace Digital Products PHP has CSRF via /search.
CVE-2016-0720 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
CVE-2017-17774 1 Piwigo 1 Piwigo 2025-04-20 N/A
admin/configuration.php in Piwigo 2.9.2 has CSRF.
CVE-2017-9863 1 Sma 79 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 76 more 2025-04-20 N/A
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2012-4568 1 Letodms Project 1 Letodms 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-1786 1 Zend 1 Zend Framework 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
CVE-2017-11648 1 Techroutes 2 Tr 1803-3g, Tr 1803-3g Firmware 2025-04-20 N/A
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.
CVE-2016-8229 1 Lenovo 1 Lenovo Service Bridge 2025-04-20 N/A
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
CVE-2017-8138 1 Huawei 1 Hedex Lite 2025-04-20 N/A
HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.
CVE-2016-4808 1 Web2py 1 Web2py 2025-04-20 N/A
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
CVE-2017-2682 1 Siemens 1 Ruggedcom Network Management Software 2025-04-20 N/A
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
CVE-2017-6328 1 Symantec 1 Message Gateway 2025-04-20 N/A
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.
CVE-2017-16565 1 Grandstream 2 Ht802, Ht802 Firmware 2025-04-20 N/A
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.