Search results mapped to CWE-352 (1407)

CVE-2018-0210 (Published: 2018-03-08 02:29:00) NMS
CVSS 6.8

[Original] A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvg88291.

CVE-2018-7565 (Published: 2018-03-07 15:29:00) NM
CVSS 6.8

[Original] CSRF exists on Polycom QDX 6000 devices.

CVE-2018-7720 (Published: 2018-03-07 03:29:00) NM
CVSS 6.8

[Original] A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.

CVE-2018-7733 (Published: 2018-03-06 13:29:00) NM
CVSS 6.8

[Original] An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.

CVE-2018-7307 (Published: 2018-03-06 10:29:00) NM
CVSS 6.8

[Original] The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.

CVE-2018-7634 (Published: 2018-03-01 18:29:00) NM
CVSS 6.8

[Original] An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
