Html Exploits
2,053 exploits tracked across all sources.
OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery (CSRF)
by Mert Daş
Intelbras RF 301k Firmware - CSRF
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
by Rodolfo Mariano
CVSS 8.8
Ubee EVW327 - CSRF
Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent.
by lated
CVSS 5.3
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
by LiquidWorm
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
by LiquidWorm
Multilaser Router AC1200 V02.03.01.45_pt - CSRF
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
by Rodolfo Mariano
CVSS 8.8
DMA Softlab Radius Manager 4.4.0 - CSRF
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
by Issac Briones
CVSS 8.8
GetSimple CMS Custom JS 0.1 - CSRF
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
by Abhishek Joshi
CVSS 5.3
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
by LiquidWorm
Vesta Control Panel <0.9.8-27 - Open Redirect
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
by Fady Mohammed Osman
CVSS 8.8
Microsoft Internet Explorer 11 32-bit - Use-After-Free
by Forrest Orr
Pixelimity 1.0 - CSRF
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
by Noth
CVSS 6.8
STVS ProVision 5.9.10 - CSRF
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users.
by LiquidWorm
CVSS 8.8
Selea Targa IP OCR-ANPR Camera - CSRF
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 8.8
Anchor CMS 0.12.7 - CSRF
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can be used to delete admin users.
by Ninad Mishra
CVSS 8.8
Php-fusion Phpfusion - CSRF
PHPFusion version 9.03.90 is vulnerable to a CSRF attack that leads to deletion of all shoutbox messages by the attacker on behalf of the logged-in victim.
by Mohamed Oosman
CVSS 4.3
IncomCMS 2.0 - File Upload
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
by MoeAlBarbari
CVSS 9.8
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
by Google Security Research
WebKit - Universal XSS in WebCore::command
by Google Security Research
LayerBB <1.1.4 - CSRF
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
by 0xB9
CVSS 8.8
NETSAS ENIGMA NMS <65.0.0 - CSRF
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.
by xerubus
CVSS 8.8
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
by Bhadresh Patel
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
by Princy Edward