ReportizFlow
Filtered by vendor
Subscriptions
Total
8330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-3148 | 1 Cisco | 1 Prime Network Registrar | 2024-11-21 | 7.1 High |
| A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the device's configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the device's configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR. | ||||
| CVE-2020-3135 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. | ||||
| CVE-2020-3124 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2024-11-21 | 6.5 Medium |
| A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user. | ||||
| CVE-2020-3114 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. | ||||
| CVE-2020-36759 | 1 Cm-wp | 1 Woody Code Snippets | 2024-11-21 | 4.3 Medium |
| The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36758 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2024-11-21 | 4.3 Medium |
| The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36755 | 1 Presscustomizr | 1 Customizr | 2024-11-21 | 4.3 Medium |
| The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36754 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 4.3 Medium |
| The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36753 | 1 Presscustomizr | 1 Hueman | 2024-11-21 | 4.3 Medium |
| The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36751 | 1 Jesseeproductions | 1 Coupon Creator | 2024-11-21 | 4.3 Medium |
| The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36750 | 1 Ewww | 1 Image Optimizer | 2024-11-21 | 4.3 Medium |
| The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36740 | 1 Radio Buttons For Taxonomies Project | 1 Radio Buttons For Taxonomies | 2024-11-21 | 4.3 Medium |
| The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36633 | 1 Moodle-block Sitenews Project | 1 Moodle-block Sitenews | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879. | ||||
| CVE-2020-36625 | 1 Destiny | 1 Chat | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2020-36505 | 1 Delete All Comments Easily Project | 1 Delete All Comments Easily | 2024-11-21 | 6.5 Medium |
| The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog. | ||||
| CVE-2020-36504 | 1 Wp-pro-quiz Project | 1 Wp-pro-quiz | 2024-11-21 | 6.5 Medium |
| The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog | ||||
| CVE-2020-36389 | 1 Civicrm | 1 Civicrm | 2024-11-21 | 4.3 Medium |
| In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. | ||||
| CVE-2020-36334 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 8.8 High |
| themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | ||||
| CVE-2020-36283 | 1 Hidglobal | 4 Omnikey 5127, Omnikey 5127 Firmware, Omnikey 5427 and 1 more | 2024-11-21 | 9.6 Critical |
| HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. | ||||
| CVE-2020-36247 | 1 Osc | 1 Open Ondemand | 2024-11-21 | 8.8 High |
| Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | ||||