Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-10-21 CVE-2021-34743 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings
A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent.
network
low complexity
cisco CWE-352
7.1
2021-10-21 CVE-2021-39126 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Data Center and Jira Server
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token.
network
low complexity
atlassian CWE-352
6.5
2021-10-21 CVE-2021-42097 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
GNU Mailman before 2.1.35 may allow remote Privilege Escalation.
network
low complexity
gnu debian CWE-352
8.0
2021-10-20 CVE-2021-21745 Cross-Site Request Forgery (CSRF) vulnerability in ZTE Mf971R Firmware
The ZTE MF971R product has a Referer authentication bypass vulnerability.
network
low complexity
zte CWE-352
4.3
2021-10-19 CVE-2021-3858 Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF).
network
low complexity
snipeitapp CWE-352
8.8
2021-10-18 CVE-2021-24752 Cross-Site Request Forgery (CSRF) vulnerability in Catchplugins products
Multiple plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the configurations of the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, and Catch IDs WordPress plugin before 2.4.
network
low complexity
catchplugins CWE-352
5.7
2021-10-14 CVE-2021-42228 Cross-Site Request Forgery (CSRF) vulnerability in Kindsoft Kindeditor
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
network
low complexity
kindsoft CWE-352
8.8
2021-10-14 CVE-2020-19964 Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.6
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
network
low complexity
phpmywind CWE-352
6.5
2021-10-13 CVE-2021-20126 Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorconnect 1.6.0
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
network
low complexity
draytek CWE-352
8.8
2021-10-13 CVE-2021-20795 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
A cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and perform unintended operations via unspecified vectors.
network
low complexity
cybozu CWE-352
8.8