| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. |
| A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. |
| The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. |
| In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. |
| CFME: CSRF protection vulnerability via permissive check of the referrer header |
| katello-headpin is vulnerable to CSRF in REST API |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. |
| Horde Groupware Webmail 5.1.2 has CSRF with requests to change permissions |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. |
| SPBAS Business Automation Software 2012 has CSRF. |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. |
| NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens. |
| Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi. |
| ASUS RT-N56U devices allow CSRF. |
| WordPress plugin wp-cleanfix has Remote Code Execution |
| WordPress WP Cleanfix Plugin 2.4.4 has CSRF |