RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
CWE-352
CVE-2018-15901
e107 2.1.8 has CSRF in ‘usersettings.php’ with an impact of changing details such as passwords of users including administrators.
CVE-2018-15844
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account’s password via /admin.php?s=/Admin/doedit.
CVE-2018-15845
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
CVE-2018-15846
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator’s password via index.php?p=done&savedata=1.
CVE-2018-15848
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.