ReportizFlow
Filtered by vendor
Subscriptions
Total
8880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35560 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-09 | 4.3 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN. | ||||
| CVE-2024-35561 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-09 | 5.4 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close. | ||||
| CVE-2022-4849 | 1 Usememos | 1 Memos | 2025-04-09 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2024-30458 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2025-04-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7. | ||||
| CVE-2024-30456 | 1 Pluginus | 1 Wordpress Currency Switcher | 2025-04-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1. | ||||
| CVE-2024-1325 | 1 Delabon | 1 Woomotiv | 2025-04-09 | 4.3 Medium |
| The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajax_cancel_review' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-4867 | 1 Froxlor | 1 Froxlor | 2025-04-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | ||||
| CVE-2022-4844 | 1 Usememos | 1 Memos | 2025-04-09 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | 4.3 Medium |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title | ||||
| CVE-2008-6905 | 1 Babbleboard | 1 Babbleboard | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page. | ||||
| CVE-2007-3457 | 1 Adobe | 1 Flash Player | 2025-04-09 | N/A |
| Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | ||||
| CVE-2009-2964 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php. | ||||
| CVE-2008-2043 | 1 Cpanel | 1 Cpanel | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. | ||||
| CVE-2008-3220 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | ||||
| CVE-2009-0039 | 1 Apache | 1 Geronimo | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. | ||||
| CVE-2008-2071 | 1 Cpanel | 1 Cpanel | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. | ||||
| CVE-2008-6106 | 1 Ibm | 2 Workplace For Business Controls And Reporting, Workplace Web Content Management | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1106 | 2 Akamai Technologies, Red Swoosh | 2 Client, Client | 2025-04-09 | N/A |
| The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. | ||||
| CVE-2008-3080 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. | ||||
| CVE-2007-5060 | 1 Xcms | 1 Xcms | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values. | ||||