Total: 9398 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35675 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 8.8 High |
| BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, allowing an attacker to escalate their privileges to Administrator and effectively take over the application. | ||||
| CVE-2020-35626 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.8 High |
| An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php. | ||||
| CVE-2020-35347 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.5 Medium |
| CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | ||||
| CVE-2020-35273 | 1 Egavilanmedia | 1 User Registration & Login System With Admin Panel | 2024-11-21 | 8.0 High |
| EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account. | ||||
| CVE-2020-35269 | 1 Nagios | 1 Nagios Core | 2024-11-21 | 8.8 High |
| Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, such as adding or deleting hosts or servers. | ||||
| CVE-2020-35223 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 8.8 High |
| The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | ||||
| CVE-2020-35217 | 1 Eclipse | 1 Vert.x-web | 2024-11-21 | 8.8 High |
| Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack. | ||||
| CVE-2020-35135 | 1 Infolific | 1 Ultimate Category Excluder | 2024-11-21 | 8.8 High |
| The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. | ||||
| CVE-2020-2321 | 1 Jenkins | 1 Shelve Project | 2024-11-21 | 8.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | ||||
| CVE-2020-2303 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. | ||||
| CVE-2020-2296 | 1 Jenkins | 1 Shared Objects | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects. | ||||
| CVE-2020-2295 | 1 Barchart | 1 Maven Cascade Release | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. | ||||
| CVE-2020-2281 | 1 Jenkins | 1 Lockable Resources | 2024-11-21 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | ||||
| CVE-2020-2280 | 1 Jenkins | 1 Warnings | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | ||||
| CVE-2020-2273 | 1 Jenkins | 1 Elastest | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | ||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | ||||
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | ||||
| CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | ||||