| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Readymade Video Sharing Script has CSRF via user-profile-edit.php. |
| Readymade Job Site Script has CSRF via the /job URI. |
| FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. |
| PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. |
| PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. |
| Vanguard Marketplace Digital Products PHP has CSRF via /search. |
| PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. |
| PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. |
| PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. |
| Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. |
| Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. |
| admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. |
| Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings. |
| HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services. |
| There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. |
| There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. |
| There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. |
| e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker. |
| The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. |
