Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-08-19 CVE-2020-20642 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6
A Cross-Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can be used to add an htm page that executes JS code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
network
low complexity
eyoucms CWE-352
8.8
2021-08-19 CVE-2021-28490 Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 3.1.0/4.0
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
network
low complexity
owasp CWE-352
8.8
2021-08-19 CVE-2021-34645 Cross-Site Request Forgery (CSRF) vulnerability in Wpeasycart Shopping Cart & Ecommerce Store
The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0.
network
low complexity
wpeasycart CWE-352
8.8
2021-08-18 CVE-2020-19669 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6
A Cross-Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can be used to add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
network
low complexity
eyoucms CWE-352
8.8
2021-08-18 CVE-2021-20758 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
network
low complexity
cybozu CWE-352
8.0
2021-08-17 CVE-2020-28846 Cross-Site Request Forgery (CSRF) vulnerability in Seacms 10.7
A Cross-Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
network
low complexity
seacms CWE-352
6.5
2021-08-17 CVE-2020-4992 Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
2021-08-16 CVE-2021-24380 Cross-Site Request Forgery (CSRF) vulnerability in Shantz Wordpress Qotd Project Shantz Wordpress Qotd
The Shantz WordPress QOTD WordPress plugin through 1.2.2 lacks any CSRF check when updating its settings, allowing attackers to make logged-in administrators change them to arbitrary values.
network
low complexity
shantz-wordpress-qotd-project CWE-352
4.3
2021-08-16 CVE-2021-24410 Cross-Site Request Forgery (CSRF) vulnerability in Telugu Bible Verse Daily Project Telugu Bible Verse Daily
The Telugu Bible Verse Daily WordPress plugin through 1.0 lacks any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page.
network
low complexity
telugu-bible-verse-daily-project CWE-352
6.1
2021-08-12 CVE-2020-20989 Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.13.0
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
network
low complexity
domainmod CWE-352
4.3