• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2020-23593

February 26, 2023 by

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ‘ /mgm_log_cfg.asp.’ The system starts to log events, ‘Remote’ mode or ‘Both’ mode on “Syslog — Configuration page” logs events and sends to remote syslog server IP and Port.

CVE-2020-23631

February 26, 2023 by

Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.

CVE-2020-23376

February 26, 2023 by

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.

CVE-2020-23426

February 26, 2023 by

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

CVE-2020-23451

February 26, 2023 by

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.

CVE-2020-23522

February 26, 2023 by

Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 137
  • Go to page 138
  • Go to page 139
  • Go to page 140
  • Go to page 141
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE