映射到 CWE-352 的搜索结果 (1430)

CVE-2017-0933(发布:2018-03-22 10:29:00)NM
CVSS8.5

[原文]Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.

CVE-2018-1230(发布:2018-03-21 16:29:00)NMS
CVSS6.8

[原文]Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.

CVE-2014-1457(发布:2018-03-20 17:29:00)NMCS
CVSS6.8

[CNNVD]Open Web Analytics 跨站请求伪造漏洞--Open Web Analytics(OWA)是Open Web Analytics团队的一套基于PHP和MySQL的开源网站流量统计软件。该软件可用来追踪和分析用户访问的网站和应用程序,并能够与WordPress、MediaWiki集成使用。 Open Web Analytic...

CVE-2018-8811(发布:2018-03-20 03:29:00)NMP
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation.

CVE-2014-2274(发布:2018-03-19 17:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.

CVE-2014-2550(发布:2018-03-19 17:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.

首页上一页56789101112下一页尾页 第7页 / 共239页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站