Exploitdb Exploits
2,012 exploits tracked across all sources.
Blue-admin < 21.06.01 - CSRF
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
by Abisheik M
CVSS 8.8
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
by LiquidWorm
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)
by LiquidWorm
Prowise Reflect <1.0.9 - Code Injection
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.
by Rik Lutz
CVSS 9.8
Arunna - CSRF
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
by =(L_L)=
CVSS 6.5
Hostel Management System 2.1 - XSS, CSRF
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
by Anubhav Singh
CVSS 8.8
Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
by Murat DEMİRCİ
Backdrop - CSRF
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons
by V1n1v131r4
CVSS 8.8
Codeinitiator Fitness Calculators < 1.9.6 - CSRF
The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue
by 0xB9
CVSS 4.3
Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
by Riadh Benlamine
Database-backups < 1.2.2.6 - CSRF
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
by 0xB9
CVSS 8.1
OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery (CSRF)
by Mert Daş
Intelbras RF 301k Firmware - CSRF
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
by Rodolfo Mariano
CVSS 8.8
Ubee EVW327 - CSRF
Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent.
by lated
CVSS 5.3
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
by LiquidWorm
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
by LiquidWorm
Multilaser Router AC1200 V02.03.01.45_pt - CSRF
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
by Rodolfo Mariano
CVSS 8.8
DMA Softlab Radius Manager 4.4.0 - CSRF
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
by Issac Briones
CVSS 8.8
GetSimple CMS Custom JS 0.1 - CSRF
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
by Abhishek Joshi
CVSS 5.3
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
by LiquidWorm
Vesta Control Panel <0.9.8-27 - Open Redirect
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
by Fady Mohammed Osman
CVSS 8.8
Microsoft Internet Explorer 11 32-bit - Use-After-Free
by Forrest Orr
Pixelimity 1.0 - CSRF
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
by Noth
CVSS 6.8
By Source