Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-06 | CVE-2021-35242 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U Serv-U server responds with valid CSRFToken when the request contains only Session. | 8.8 |
| 2021-12-06 | CVE-2021-24914 | Cross-Site Request Forgery (CSRF) vulnerability in Tawk Tawk.To Live Chat The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. | 8.0 |
| 2021-12-03 | CVE-2021-29756 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2021-12-02 | CVE-2021-44227 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | 8.8 |
| 2021-12-01 | CVE-2021-3993 | Cross-Site Request Forgery (CSRF) vulnerability in Showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 |
| 2021-12-01 | CVE-2021-20851 | Cross-Site Request Forgery (CSRF) vulnerability in Browser and Operating System Finder Project Browser and Operating System Finder Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. | 8.8 |
| 2021-12-01 | CVE-2021-20860 | Cross-Site Request Forgery (CSRF) vulnerability in Elecom products Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. | 8.8 |
| 2021-11-24 | CVE-2021-20842 | Cross-Site Request Forgery (CSRF) vulnerability in Ec-Cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page. | 6.5 |
| 2021-11-24 | CVE-2021-20845 | Cross-Site Request Forgery (CSRF) vulnerability in Xml-Sitemaps Unlimited Sitemap Generator Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page. | 8.8 |
| 2021-11-24 | CVE-2021-20846 | Cross-Site Request Forgery (CSRF) vulnerability in Delitestudio Push Notifications for Wordpress Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page. | 8.8 |