• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2020-12076

February 26, 2023 by

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.

CVE-2020-11825

February 26, 2023 by

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user’s session can be used in another user’s session. CSRF tokens should not be valid in this situation.

CVE-2020-11818

February 26, 2023 by

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user’s valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.

CVE-2020-11706

February 26, 2023 by

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server.

CVE-2020-11682

February 26, 2023 by

Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed.

CVE-2020-11701

February 26, 2023 by

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 165
  • Go to page 166
  • Go to page 167
  • Go to page 168
  • Go to page 169
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE