• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2018-7701

February 26, 2023 by

Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.

CVE-2018-7720

February 26, 2023 by

A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.

CVE-2018-7724

February 26, 2023 by

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.

CVE-2018-7733

February 26, 2023 by

An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.

CVE-2018-7677

February 26, 2023 by

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.

CVE-2018-7590

February 26, 2023 by

CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 30
  • Go to page 31
  • Go to page 32
  • Go to page 33
  • Go to page 34
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE