| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. |
| Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. |
| The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack. |
| Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. |
| Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. |
| Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL. |
| Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors. |
| The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. |
| Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. |
| Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. |
| Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_login or (2) yurl_anchor parameter in the yurl page to wp-admin/options-general.php. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php. |
| Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
