Search Results (9423 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3271 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
CVE-2011-5011 1 Xt-commerce 1 Xt-commerce 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php.
CVE-2010-5085 1 Hulihanapplications 1 Amethyst 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
CVE-2012-1636 2 Drupal, Luke Herrington 2 Drupal, Stickynote 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.
CVE-2010-1767 1 Google 1 Chrome 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
CVE-2012-1633 2 Drupal, Erikwebb 2 Drupal, Password Policy 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.
CVE-2012-1631 2 Databasepublish, Drupal 2 Admin\, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors.
CVE-2010-1648 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.
CVE-2012-1578 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.
CVE-2012-1580 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.
CVE-2010-1611 1 Alegrocart 1 Alegrocart 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.
CVE-2011-4133 1 Moodle 1 Moodle 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.
CVE-2011-3293 1 Cisco 1 Secure Access Control Server 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
CVE-2013-3963 1 Grandstream 11 Gxv3500, Gxv3501, Gxv3504 and 8 more 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
CVE-2011-1682 1 Tincan 1 Phplist 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4981 1 Keil-software 1 Photokorn Gallery 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.
CVE-2011-5068 1 Sitracker 1 Support Incident Tracker 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.
CVE-2010-0992 1 Pulsecms 1 Pulse Cms 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks.
CVE-2011-5131 1 Mybb 1 Mybb 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.
CVE-2011-3381 1 Phorum 1 Phorum 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.