Total
8114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38342 | 1 Kylephillips | 1 Nested Pages | 2024-11-21 | 8.1 High |
| The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | ||||
| CVE-2021-37725 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 8.1 High |
| A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | ||||
| CVE-2021-37381 | 1 Southsoft | 1 Graduate Management Information System | 2024-11-21 | 8.8 High |
| Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1]. | ||||
| CVE-2021-37366 | 1 Ctparental Project | 1 Ctparental | 2024-11-21 | 8.8 High |
| CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users. | ||||
| CVE-2021-37201 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link. | ||||
| CVE-2021-36543 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | ||||
| CVE-2021-36542 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | ||||
| CVE-2021-35491 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14. | ||||
| CVE-2021-35343 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | ||||
| CVE-2021-35242 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 8.3 High |
| Serv-U server responds with valid CSRFToken when the request contains only Session. | ||||
| CVE-2021-34773 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2024-11-21 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts. | ||||
| CVE-2021-34743 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 4.3 Medium |
| A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile. | ||||
| CVE-2021-34637 | 1 Post Index Project | 1 Post Index | 2024-11-21 | 8.8 High |
| The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5. | ||||
| CVE-2021-34634 | 1 Sola-newsletters Project | 1 Sola-newsletters | 2024-11-21 | 8.8 High |
| The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23. | ||||
| CVE-2021-34633 | 1 Youtube Feeder Project | 1 Youtube Feeder | 2024-11-21 | 8.8 High |
| The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1. | ||||
| CVE-2021-34632 | 1 Seo Backlinks Project | 1 Seo Backlinks | 2024-11-21 | 8.8 High |
| The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1. | ||||
| CVE-2021-34631 | 1 Ipdgroup | 1 Newsplugin | 2024-11-21 | 8.8 High |
| The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. | ||||
| CVE-2021-34628 | 1 Weblizar | 1 Admin Custom Login | 2024-11-21 | 8.8 High |
| The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. | ||||
| CVE-2021-34620 | 1 Fluentforms | 1 Contact Form | 2024-11-21 | 8.8 High |
| The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions | ||||
| CVE-2021-34619 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2024-11-21 | 8.8 High |
| The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file. | ||||