Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and p
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_me
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft mal
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious w
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web p
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated a
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attac
Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attacke
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submit
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting m
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nels_settings_pa
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can
Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unin
Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attacker