Search Results (10347 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7431 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
CVE-2017-7990 1 Openmrs 1 Openmrs Module Reporting 2025-04-20 N/A
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
CVE-2017-8082 1 Concretecms 1 Concrete Cms 2025-04-20 N/A
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
CVE-2017-8098 1 E107 1 E107 2025-04-20 N/A
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
CVE-2017-8099 1 Browserweb Inc 1 Whizz 2025-04-20 N/A
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.
CVE-2017-8100 1 Artistscope 1 Copysafe Web Protection 2025-04-20 N/A
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
CVE-2017-8138 1 Huawei 1 Hedex Lite 2025-04-20 N/A
HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.
CVE-2017-8152 1 Huawei 2 Honor 5s, Honor 5s Firmware 2025-04-20 N/A
Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.
CVE-2017-8836 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.
CVE-2017-8848 1 Allen Disk Project 1 Allen Disk 2025-04-20 N/A
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
CVE-2017-8874 1 Acquia 1 Mautic 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
CVE-2017-8875 1 Codection 1 Clean Login 2025-04-20 N/A
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.
CVE-2017-9489 2 Cisco, Commscope 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more 2025-04-20 8.8 High
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
CVE-2017-9490 3 Arris, Cisco, Commscope 4 Tg1682g Firmware, Dpc3939b, Dpc3939b Firmware and 1 more 2025-04-20 N/A
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
CVE-2017-9498 2 Comcast, Motorola 4 Xfinity Xr11-20, Xfinity Xr11-20 Firmware, Mx011anm and 1 more 2025-04-20 N/A
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware.
CVE-2017-9517 1 Atmail 1 Atmail 2025-04-20 N/A
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
CVE-2017-9606 1 Infotecs 2 Vipnet Client, Vipnet Coordinator 2025-04-20 N/A
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
CVE-2017-9673 1 Simplece 1 Simplece 2025-04-20 N/A
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.
CVE-2024-30617 1 Chamilo 1 Chamilo Lms 2025-04-18 5.4 Medium
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.
CVE-2024-3756 1 Mf Gig Calendar Project 1 Mf Gig Calendar 2025-04-18 7.5 High
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack