映射到 CWE-352 的搜索结果 (1407)

CVE-2018-7524(发布:2018-03-22 14:29:01)NM
CVSS6.8

[原文]A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.

CVE-2017-0933(发布:2018-03-22 10:29:00)NM
CVSS8.5

[原文]Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.

CVE-2018-1230(发布:2018-03-21 16:29:00)NMS
CVSS6.8

[原文]Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.

CVE-2014-1457(发布:2018-03-20 17:29:00)NMCS
CVSS6.8

[CNNVD]Open Web Analytics 跨站请求伪造漏洞--Open Web Analytics(OWA)是Open Web Analytics团队的一套基于PHP和MySQL的开源网站流量统计软件。该软件可用来追踪和分析用户访问的网站和应用程序,并能够与WordPress、MediaWiki集成使用。 Open Web Analytic...

CVE-2018-8811(发布:2018-03-20 03:29:00)NMP
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation.

CVE-2014-2274(发布:2018-03-19 17:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.

首页上一页12345678下一页尾页 第3页 / 共235页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站