Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31152 | 1 Multilaser | 2 Ac1200 Re018, Ac1200 Re018 Firmware | 2024-11-21 | 8.8 High |
| Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. | ||||
| CVE-2021-30224 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | ||||
| CVE-2021-30147 | 1 Dmasoftlab | 1 Radius Manager | 2024-11-21 | 8.8 High |
| DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. | ||||
| CVE-2021-30114 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.5 Medium |
| Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. | ||||
| CVE-2021-30112 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.5 Medium |
| Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. | ||||
| CVE-2021-29995 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1. | ||||
| CVE-2021-29888 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 8.8 High |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123. | ||||
| CVE-2021-29837 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | ||||
| CVE-2021-29823 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 6.5 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | ||||
| CVE-2021-29816 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-11-21 | 6.5 Medium |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341. | ||||
| CVE-2021-29757 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-11-21 | 8.8 High |
| IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168. | ||||
| CVE-2021-29756 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 8.8 High |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. | ||||
| CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | ||||
| CVE-2021-29624 | 1 Fastify | 1 Fastify-csrf | 2024-11-21 | 6.5 Medium |
| fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Version 3.1.0 of the fastify-csrf fixes it. the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains. | ||||
| CVE-2021-29436 | 1 Anuko | 1 Time Tracker | 2024-11-21 | 5.4 Medium |
| Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed(). | ||||
| CVE-2021-29435 | 1 Trestle-auth Project | 1 Trestle-auth | 2024-11-21 | 8.1 High |
| trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account credentials. The vulnerability has been fixed in trestle-auth 0.4.2 released to RubyGems. | ||||
| CVE-2021-29400 | 1 Netexplorer | 1 My Smtp Contact | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site. | ||||
| CVE-2021-29349 | 1 Mahara | 1 Mahara | 2024-11-21 | 6.5 Medium |
| Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. | ||||
| CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 8.8 High |
| An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | ||||
| CVE-2021-29238 | 1 Codesys | 1 Automation Server | 2024-11-21 | 8.8 High |
| CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | ||||