Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
csrf vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2014-8072
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
Openmrs Openmrs 2.1
4.3
CVSSv2
CVE-2014-8071
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote malicious users to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5...
Openmrs Openmrs 2.1
4.3
CVSSv2
CVE-2013-4722
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) u...
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
5
CVSSv2
CVE-2013-4725
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmis...
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
5
CVSSv2
CVE-2013-2629
Leed (Light Feed), possibly prior to 1.5 Stable, allows remote malicious users to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
Idleman Leed
5.8
CVSSv2
CVE-2013-4723
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
5
CVSSv2
CVE-2013-4724
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote malicious users to obtain potentially sensitive informatio...
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
5
CVSSv2
CVE-2013-4728
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote malicious users to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
6.8
CVSSv2
CVE-2014-8073
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote malicious users to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
Openmrs Openmrs 2.1
4.3
CVSSv2
CVE-2017-9032
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote malicious users to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.
Trendmicro Serverprotect 3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »