Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
384
VMScore
CVE-2021-31604
furlongm openvpn-monitor up to and including 1.1.3 allows CSRF to disconnect an arbitrary client.
Openvpn-monitor Project Openvpn-monitor
685
VMScore
CVE-2018-10312
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
Wuzhicms Wuzhi Cms 4.1.0
1 EDB exploit
685
VMScore
CVE-2016-0891
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM prior to 3.7 allow remote malicious users to hijack the authentication of administrators.
Emc Vipr Srm
1 EDB exploit
685
VMScore
CVE-2014-6409
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
Mmonit M\\/monit
1 EDB exploit
685
VMScore
CVE-2013-0663
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote malicious users to hijack the au...
Schneider-electric Modicon Quantum Plc 140noe77101
Schneider-electric Modicon Quantum Plc 140nwm10000
Schneider-electric Modicon Quantum Plc 140noe77111
Schneider-electric Modicon M340 Bmxnoe0100x
Schneider-electric Modicon M340 Bmxnoe011xx
Schneider-electric Modicon M340 Bmxnoc0401
Schneider-electric Modicon Premium Tsxety5103
Schneider-electric Modicon Premium Tsxwmy100
Schneider-electric Modicon Premium Tsxety4103
1 EDB exploit
685
VMScore
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Maccms Maccms 10.0
1 EDB exploit
685
VMScore
CVE-2018-7746
An issue exists in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
Cobub Razor 0.7.2
1 EDB exploit
690
VMScore
CVE-2012-1416
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the defa...
Socialcms Socialcms 1.0.2
2 EDB exploits
685
VMScore
CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) prior to 8.5 allow remote malicious users to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to servi...
Zimbra Zimbra Collaboration Server
1 EDB exploit
685
VMScore
CVE-2018-5720
An issue exists on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote malicious users to hijack the authentication of users for requests that modify all the settings. This vulne...
Dodocool Dc38 Firmware Rtn2-aw.gd.r3465.1.20161103
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »