| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin |
| Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. |
| A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. |
| An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). |
| IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. |
| IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549. |
| Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability." |
| Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. |
| Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. |
| Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. |
| The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. |
| Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. |
| REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. |
| NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. |