Total
8023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11527 | 1 Cscms Project | 1 Cscms | 2024-11-21 | N/A |
| An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. | ||||
| CVE-2018-11502 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2024-11-21 | N/A |
| An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. | ||||
| CVE-2018-11501 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | ||||
| CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | ||||
| CVE-2018-11448 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | N/A |
| A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2018-11447 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | N/A |
| A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2018-11445 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2024-11-21 | N/A |
| A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | ||||
| CVE-2018-11442 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2024-11-21 | N/A |
| A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. | ||||
| CVE-2018-11427 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2024-11-21 | N/A |
| CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. | ||||
| CVE-2018-11406 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | N/A |
| An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. | ||||
| CVE-2018-11405 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | N/A |
| Kliqqi 2.0.2 has CSRF in admin/admin_users.php. | ||||
| CVE-2018-11371 | 1 Skycaiji | 1 Skycaiji | 2024-11-21 | N/A |
| SkyCaiji 1.2 allows CSRF to add an Administrator user. | ||||
| CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | ||||
| CVE-2018-11127 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | ||||
| CVE-2018-11126 | 1 Doorgets | 1 Doorgets | 2024-11-21 | N/A |
| dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | ||||
| CVE-2018-11096 | 1 Horse Market Sell \& Rent Portal Project | 1 Horse Market Sell \& Rent Portal | 2024-11-21 | N/A |
| Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely. | ||||
| CVE-2018-11092 | 1 Admin Notes Project | 1 Admin Notes | 2024-11-21 | N/A |
| An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action. | ||||
| CVE-2018-11018 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. | ||||
| CVE-2018-11004 | 1 Sdcms | 1 Sdcms | 2024-11-21 | N/A |
| An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add. | ||||
| CVE-2018-11003 | 1 Yxcms | 1 Yxcms | 2024-11-21 | N/A |
| An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. | ||||