• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2021-37366

February 23, 2023 by

CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.

CVE-2021-37381

February 23, 2023 by

Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users’ private information such as photos through CSRF. For example: any student’s photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user’s login related information. It can protect the user’s identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1].

CVE-2021-3728

February 23, 2023 by

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-3729

February 23, 2023 by

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-3730

February 23, 2023 by

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-3734

February 23, 2023 by

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 264
  • Go to page 265
  • Go to page 266
  • Go to page 267
  • Go to page 268
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE