Search results mapped to CWE-352 (1344)

CVE-2018-5976 (Published: 2018-01-24 05:29:00) NM
CVSS 6.8

[Original] Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.

CVE-2018-6009 (Published: 2018-01-22 17:29:00) NM
CVSS 6.8

[Original] In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.

CVE-2018-0107 (Published: 2018-01-18 01:29:01) NMS
CVSS 6.8

[Original] A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313.

CVE-2018-5329 (Published: 2018-01-15 16:29:00) NM
CVSS 6.8

[Original] ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

CVE-2018-5673 (Published: 2018-01-12 19:29:01) NM
CVSS 6.8

[Original] An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.

CVE-2018-5669 (Published: 2018-01-12 19:29:00) NM
CVSS 6.8

[Original] An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.
