qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter. (CVSS:0.0) (Last Update:2019-10-15)

JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. (CVSS:0.0) (Last Update:2019-10-14)

An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI, (CVSS:0.0) (Last Update:2019-10-12)

An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. (CVSS:0.0) (Last Update:2019-10-10)

An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. (CVSS:0.0) (Last Update:2019-10-10)

The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. (CVSS:0.0) (Last Update:2019-10-10)

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that

OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. (CVSS:0.0) (Last Update:2019-10-09)