Html Exploits

2,074 exploits tracked across all sources.

EIP-2026-102003 EXPLOITDB html
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
by LiquidWorm
EIP-2026-102002 EXPLOITDB html
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
by LiquidWorm
CVE-2021-31152 EXPLOITDB HIGH html
Multilaser Router AC1200 V02.03.01.45_pt - CSRF
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
by Rodolfo Mariano
CVSS 8.8
CVE-2021-30147 EXPLOITDB HIGH html
DMA Softlab Radius Manager 4.4.0 - CSRF
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
by Issac Briones
CVSS 8.8
CVE-2021-47860 EXPLOITDB MEDIUM html
GetSimple CMS Custom JS Plugin 0.1 - CSRF leading to XSS and RCE
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
by Abhishek Joshi
CVSS 5.3
EIP-2026-102025 EXPLOITDB html
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
by LiquidWorm
CVE-2021-28379 EXPLOITDB HIGH html
Vesta Control Panel <0.9.8-27 - Open Redirect
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
by Fady Mohammed Osman
CVSS 8.8
EIP-2026-117501 EXPLOITDB html
Microsoft Internet Explorer 11 32-bit - Use-After-Free
by Forrest Orr
CVE-2020-23522 EXPLOITDB MEDIUM html
Pixelimity 1.0 - Cross-Site Request Forgery via Admin Setting Password Parameter
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
by Noth
CVSS 6.8
CVE-2020-37241 EXPLOITDB MEDIUM html
bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent.
by LiPeiYi
CVSS 5.3
EIP-2026-103527 EXPLOITDB html
jQuery UI 1.12.1 - Denial of Service (DoS)
by Rafael Cintra Lopes
CVE-2021-47723 EXPLOITDB HIGH html
STVS ProVision 5.9.10 - Cross-Site Request Forgery
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users.
by LiquidWorm
CVSS 8.8
CVE-2021-47730 EXPLOITDB HIGH html
Selea Targa IP OCR-ANPR Camera - CSRF
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 8.8
CVE-2020-23342 EXPLOITDB HIGH html
Anchor CMS 0.12.7 - Cross-Site Request Forgery in User Edit Function
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
by Ninad Mishra
CVSS 8.8
CVE-2020-35687 EXPLOITDB MEDIUM html
PHPFusion 9.03.90 - Cross-Site Request Forgery
PHPFusion version 9.03.90 is vulnerable to a CSRF attack that leads to deletion of all shoutbox messages by the attacker on behalf of the logged-in victim.
by Mohamed Oosman
CVSS 4.3
CVE-2020-29597 EXPLOITDB CRITICAL html
IncomCMS 2.0 - Unauthenticated Unrestricted File Upload via modules/uploader/showcase/script.php
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
by MoeAlBarbari
CVSS 9.8
EIP-2026-103710 EXPLOITDB html VERIFIED
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
by Google Security Research
EIP-2026-103708 EXPLOITDB html VERIFIED
WebKit - Universal XSS in WebCore::command
by Google Security Research
CVE-2019-16531 EXPLOITDB HIGH html
LayerBB < 1.1.4 - Cross-Site Request Forgery via Admin General Settings
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
by 0xB9
CVSS 8.8
CVE-2019-16068 EXPLOITDB HIGH html
NETSAS ENIGMA NMS < 65.0.0 - Cross-Site Request Forgery via manage_files.cgi
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.
by xerubus
CVSS 8.8
EIP-2026-104494 EXPLOITDB html
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
by Bhadresh Patel
EIP-2026-113532 EXPLOITDB html
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
by Princy Edward
EIP-2026-103494 EXPLOITDB html VERIFIED
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
by Google Security Research
EIP-2026-101586 EXPLOITDB html
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
by Alperen Soydan
CVE-2019-14328 EXPLOITDB HIGH html
WordPress Simple Membership <3.8.5 - CSRF
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
by rubyman
CVSS 8.8