| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) |
| pimcore is vulnerable to Cross-Site Request Forgery (CSRF) |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. |
| phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. |
| A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. |
| An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. |
| A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses. |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. |
| A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability. |
| In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted. |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin). |
