Search results mapped to CWE-352 (1324)

CVE-2015-2143 (Published: 2017-10-06 18:29:00) NM
CVSS 6.8

[Original] Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.

CVE-2016-6806 (Published: 2017-10-02 21:29:00) NMS
CVSS 6.8

[Original] Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.

CVE-2015-9233 (Published: 2017-09-29 21:29:00) NM
CVSS 6.8

[Original] The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

CVE-2017-7969 (Published: 2017-09-25 21:29:03) NMS
CVSS 6.8

[Original] A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.

CVE-2015-5182 (Published: 2017-09-25 17:29:00) NM
CVSS 6.8

[Original] Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.

CVE-2015-7293 (Published: 2017-09-25 17:29:00) NM
CVSS 6.8

[Original] Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
