Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
csrf vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-25987
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.
Monocms Monocms 1.0
8.1
CVSSv3
CVE-2018-12455
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an malicious user to authenticate in the web interface just by using "admin:" as the name of a cookie.
Intelbras Nplug Firmware 1.0.0.14
8.8
CVSSv3
CVE-2018-12456
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing malicious users to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
Intelbras Nplug Firmware 1.0.0.14
NA
CVE-2014-9400
Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks...
Wp Unique Article Header Image Project Wp Unique Article Header Image
NA
CVE-2014-0745
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote malicious users to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
Cisco Unified Contact Center Express Editor Software -
5.4
CVSSv3
CVE-2018-10164
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
8.8
CVSSv3
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an malicious user to submit authenticated requests when an authenticated user browses an attack-contr...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
8.8
CVSSv3
CVE-2018-10168
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
8.1
CVSSv3
CVE-2022-4704
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4705
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to...
Royal-elementor-addons Royal Elementor Addons
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »