Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2018-12739
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
Beescms Beescms 4.0
1 EDB exploit
685
VMScore
CVE-2015-2878
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote malicious users to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (...
Watchguard Hawkeye G 3.0.1.4912
1 EDB exploit
435
VMScore
CVE-2019-11375
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
Meisivod Msvod 10
1 EDB exploit
685
VMScore
CVE-2014-2225
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller prior to 3.2.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspe...
Ui Airvision Controller
Ui Mfi Controller
Ui Unifi Controller
1 EDB exploit
685
VMScore
CVE-2014-2340
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin prior to 3.1.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
Xcloner Xcloner
Xcloner Xcloner 2.1.2
Xcloner Xcloner 3.0
Xcloner Xcloner 3.0.3
Xcloner Xcloner 3.0.1
Xcloner Xcloner 3.0.6
Xcloner Xcloner 3.0.8
Xcloner Xcloner 3.0.7
Xcloner Xcloner 3.0.5
Xcloner Xcloner 3.0.2
Xcloner Xcloner 3.0.4
Xcloner Xcloner 2.2.1
Xcloner Xcloner 2.1
1 EDB exploit
685
VMScore
CVE-2018-11670
An issue exists in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows malicious users to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
Njtech Greencms 2.3.0603
1 EDB exploit
685
VMScore
CVE-2018-15844
An issue exists in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
Damicms Damicms 6.0.0
1 EDB exploit
440
VMScore
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote malicious users to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment act...
Scriptsez Ez Blog 1.0
2 EDB exploits
440
VMScore
CVE-2009-4366
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote malicious users to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
Scriptsez Ez Blog 1.0
2 EDB exploits
440
VMScore
CVE-2009-4364
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote malicious users to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obta...
Scriptsez Ez Blog
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »