• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2018-16952

February 26, 2023 by

The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user’s password). NOTE: this CVE is assigned by MITRE and isn’t validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

CVE-2018-16854

February 26, 2023 by

A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.

CVE-2018-16795

February 26, 2023 by

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.

CVE-2018-16832

February 26, 2023 by

CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header.

CVE-2018-16732

February 26, 2023 by

uploadpluginssysadminSetting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

CVE-2018-16650

February 26, 2023 by

phpMyFAQ before 2.9.11 allows CSRF.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 60
  • Go to page 61
  • Go to page 62
  • Go to page 63
  • Go to page 64
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE