• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2018-17168

February 26, 2023 by

PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).

CVE-2018-17102

February 26, 2023 by

An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI.

CVE-2018-17103

February 26, 2023 by

** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator’s password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.

CVE-2018-17104

February 26, 2023 by

An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.

CVE-2018-1712

February 26, 2023 by

IBM API Connect’s Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

CVE-2018-17069

February 26, 2023 by

An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 58
  • Go to page 59
  • Go to page 60
  • Go to page 61
  • Go to page 62
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE