Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2018-15845
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
Gleezcms Gleez Cms 1.2.0
1 EDB exploit
685
VMScore
CVE-2017-16244
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an malicious user to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF hea...
Octobercms October 1.0.426
1 EDB exploit
685
VMScore
CVE-2018-5969
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
Photography Cms Project Photography Cms 1.0
1 EDB exploit
685
VMScore
CVE-2014-3778
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote malicious users to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsServ...
Commscope Arris Sbg901 -
1 EDB exploit
435
VMScore
CVE-2019-7440
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
Jio Jiofi 4g M2s Firmware 1.0.2
1 EDB exploit
685
VMScore
CVE-2018-8908
An issue exists in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges...
Frog Cms Project Frog Cms 0.9.5
1 EDB exploit
685
VMScore
CVE-2018-8979
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
Open-audit Open-audit 2.1
1 EDB exploit
685
VMScore
CVE-2014-4865
Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote malicious users to hijack the authentication of arbitrary users.
Cacheguard Cacheguardos 5.7.7
1 EDB exploit
690
VMScore
CVE-2012-1922
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote malicious users to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port ...
Sitecom Wlm-2501 -
2 EDB exploits
795
VMScore
CVE-2016-7454
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an malicious user to change the Wi-Fi password, open the remote management interface, or reset the router.
Technicolor Xfinity Gateway Router Dpc3941t Firmware Dpc3941-p20-18-v303r20421733-160413a-cmcst
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »