| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085. |
| A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. |
| A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. |
| Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. |
| IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. |
| In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. |
| In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. |
| Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. |
| Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. |
| PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. |
| The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624. |
| Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4. |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. |
| Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. |
| PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. |
| Vanguard Marketplace Digital Products PHP has CSRF via /search. |
| The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. |
| Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563. |
