ReportizFlow
Filtered by vendor
Subscriptions
Total
8329 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20693 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | ||||
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | ||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | ||||
| CVE-2020-20595 | 1 Opms Project | 1 Opms | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. | ||||
| CVE-2020-20593 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 8.0 High |
| A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. | ||||
| CVE-2020-20586 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | 4.5 Medium |
| A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. | ||||
| CVE-2020-20514 | 1 Maccms | 1 Maccms | 2024-11-21 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | ||||
| CVE-2020-20468 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 6.5 Medium |
| White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. | ||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 6.5 Medium |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | ||||
| CVE-2020-1977 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 7.5 High |
| Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. | ||||
| CVE-2020-1925 | 2 Apache, Redhat | 2 Olingo, Jboss Fuse | 2024-11-21 | 7.5 High |
| Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker. | ||||
| CVE-2020-1692 | 1 Moodle | 1 Moodle | 2024-11-21 | 8.1 High |
| Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | ||||
| CVE-2020-1103 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | ||||
| CVE-2020-19964 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 6.5 Medium |
| A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | ||||
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | ||||
| CVE-2020-19889 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 8.8 High |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. | ||||
| CVE-2020-19886 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 8.1 High |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. | ||||
| CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. | ||||
| CVE-2020-19669 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | ||||
| CVE-2020-19639 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. | ||||