• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2019-12361

February 26, 2023 by

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.

CVE-2019-12363

February 26, 2023 by

An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.

CVE-2019-12239

February 26, 2023 by

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.

CVE-2019-12246

February 26, 2023 by

SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.

CVE-2019-12253

February 26, 2023 by

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.

CVE-2019-12273

February 26, 2023 by

** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 228
  • Go to page 229
  • Go to page 230
  • Go to page 231
  • Go to page 232
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE