Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2017-5264
Versions of Nexpose before 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Rapid7 Nexpose
1 EDB exploit
685
VMScore
CVE-2012-1936
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and previous versions associates a nonce with a user account instead of a user session, which might make it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks on speci...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
1 EDB exploit
685
VMScore
CVE-2015-4460
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box prior to 4.0.0 (r19171) allows remote malicious users to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
Boxautomation C2box
1 EDB exploit
685
VMScore
CVE-2014-2340
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin prior to 3.1.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
Xcloner Xcloner
Xcloner Xcloner 2.1.2
Xcloner Xcloner 3.0
Xcloner Xcloner 3.0.3
Xcloner Xcloner 3.0.1
Xcloner Xcloner 3.0.6
Xcloner Xcloner 3.0.8
Xcloner Xcloner 3.0.7
Xcloner Xcloner 3.0.5
Xcloner Xcloner 3.0.2
Xcloner Xcloner 3.0.4
Xcloner Xcloner 2.2.1
Xcloner Xcloner 2.1
1 EDB exploit
685
VMScore
CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller prior to 3.2.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspe...
Ui Airvision Controller
Ui Mfi Controller
Ui Unifi Controller
1 EDB exploit
685
VMScore
CVE-2018-15844
An issue exists in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
Damicms Damicms 6.0.0
1 EDB exploit
685
VMScore
CVE-2018-11670
An issue exists in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows malicious users to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
Njtech Greencms 2.3.0603
1 EDB exploit
435
VMScore
CVE-2019-11375
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
Meisivod Msvod 10
1 EDB exploit
440
VMScore
CVE-2009-4364
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote malicious users to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obta...
Scriptsez Ez Blog
2 EDB exploits
440
VMScore
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote malicious users to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment act...
Scriptsez Ez Blog 1.0
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »