ReportizFlow
Filtered by vendor
Subscriptions
Total
8329 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24570 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 6.5 Medium |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. | ||||
| CVE-2020-24373 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | ||||
| CVE-2020-24271 | 1 Easycms | 1 Easycms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | ||||
| CVE-2020-24130 | 1 Ponzu-cms | 1 Ponzu | 2024-11-21 | 8.1 High |
| A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | ||||
| CVE-2020-24033 | 1 Fs | 2 S3900 24t4s, S3900 24t4s Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. | ||||
| CVE-2020-23960 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale. | ||||
| CVE-2020-23837 | 1 Multi User Project | 1 Multi User | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL. | ||||
| CVE-2020-23836 | 1 Oswapp | 1 Warehouse Inventory System | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site. | ||||
| CVE-2020-23830 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 7.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. | ||||
| CVE-2020-23824 | 1 Argosoft | 1 Mail Server | 2024-11-21 | 8.8 High |
| ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | ||||
| CVE-2020-23686 | 1 Ayacms Project | 1 Ayacms | 2024-11-21 | 8.8 High |
| Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | ||||
| CVE-2020-23631 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 6.1 Medium |
| Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. | ||||
| CVE-2020-23595 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | ||||
| CVE-2020-23522 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 6.8 Medium |
| Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | ||||
| CVE-2020-23451 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 8.8 High |
| Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. | ||||
| CVE-2020-23426 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | ||||
| CVE-2020-23376 | 1 5none | 1 Nonecms | 2024-11-21 | 6.1 Medium |
| NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. | ||||
| CVE-2020-23342 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | ||||
| CVE-2020-23264 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. | ||||
| CVE-2020-23127 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 8.8 High |
| Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | ||||