Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-12603
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote malicious users to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
Lfdycms Lfcms 3.7.0
1 EDB exploit
8.8
CVSSv3
CVE-2018-12739
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
Beescms Beescms 4.0
1 EDB exploit
8.8
CVSSv3
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Maccms Maccms 10.0
1 EDB exploit
8.8
CVSSv3
CVE-2018-10312
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
Wuzhicms Wuzhi Cms 4.1.0
1 EDB exploit
NA
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console prior to 5.5.4 allows remote malicious users to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Rapid7 Nexpose
Rapid7 Nexpose 5.5.1
Rapid7 Nexpose 5.4.12
Rapid7 Nexpose 5.4.11
Rapid7 Nexpose 5.4.10
Rapid7 Nexpose 5.4.5
Rapid7 Nexpose 5.4.4
Rapid7 Nexpose 5.4.3
Rapid7 Nexpose 5.4.2
Rapid7 Nexpose 5.4.9
Rapid7 Nexpose 5.4.7
Rapid7 Nexpose 5.4
Rapid7 Nexpose 5.4.8
Rapid7 Nexpose 5.4.6
Rapid7 Nexpose 5.4.1
1 EDB exploit
NA
CVE-2012-1936
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and previous versions associates a nonce with a user account instead of a user session, which might make it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks on speci...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
1 EDB exploit
7.5
CVSSv3
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
Subsonic Subsonic 6.1.1
1 EDB exploit
8.8
CVSSv3
CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) prior to 8.5 allow remote malicious users to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to servi...
Zimbra Zimbra Collaboration Server
1 EDB exploit
NA
CVE-2012-1416
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the defa...
Socialcms Socialcms 1.0.2
2 EDB exploits
NA
CVE-2014-6409
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
Mmonit M\\/monit
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2108
CVE-2024-31061
CVE-2024-25959
CVE-2023-45866
injection
IDOR
memory leak
CVE-2024-1086
CVE-2023-42931
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »