ReportizFlow
Filtered by vendor
Subscriptions
Total
8331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3921 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.3 Medium |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3901 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 8.8 High |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3900 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 6.5 Medium |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3858 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.8 High |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3819 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 8.8 High |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3776 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3775 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3734 | 1 Yourls | 1 Yourls | 2024-11-21 | 8.8 High |
| yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | ||||
| CVE-2021-3730 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 6.5 Medium |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3729 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.3 Medium |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3728 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 6.5 Medium |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3683 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.5 Medium |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3133 | 1 Sean-barton | 1 Elementor Contact Form Db | 2024-11-21 | 6.5 Medium |
| The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. | ||||
| CVE-2021-39394 | 1 Mm-wiki Project | 1 Mm-wiki | 2024-11-21 | 6.5 Medium |
| mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. | ||||
| CVE-2021-39243 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2024-11-21 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | ||||
| CVE-2021-39209 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.8 High |
| GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. | ||||
| CVE-2021-39198 | 1 Oroinc | 1 Client Relationship Management | 2024-11-21 | 4.2 Medium |
| OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package. | ||||
| CVE-2021-39197 | 1 Better Errors Project | 1 Better Errors | 2024-11-21 | 6.3 Medium |
| better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin attacks. As a developer tool, better_errors documentation strongly recommends addition only to the `development` bundle group, so this vulnerability should only affect development environments. Please ensure that your project limits better_errors to the `development` group (or the non-Rails equivalent). Starting with release 2.8.x, CSRF protection is enforced. It is recommended that you upgrade to the latest release, or minimally to "~> 2.8.3". There are no known workarounds to mitigate the risk of using older releases of better_errors. | ||||
| CVE-2021-39133 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 7.2 High |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14. | ||||
| CVE-2021-39126 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 6.5 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | ||||