Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2021-37725 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. | 8.1 |
2021-09-01 | CVE-2020-20343 | Cross-Site Request Forgery (CSRF) vulnerability in Wtcms Project Wtcms 1.0: WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | 6.5 |
2021-08-31 | CVE-2020-19047 | Cross-Site Request Forgery (CSRF) vulnerability in Iwebshop 5.3: Cross-Site Request Forgery (CSRF) in iWebShop v5.3 allows remote attackers to execute arbitrary code via a malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'. | 8.8 |
2021-08-31 | CVE-2021-21678 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml: Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | 8.8 |
2021-08-31 | CVE-2021-21679 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure AD: Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | 8.8 |
2021-08-31 | CVE-2021-27557 | Cross-Site Request Forgery (CSRF) vulnerability in Easycorp Zentao 12.5.3: A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | 4.3 |
2021-08-30 | CVE-2021-38342 | Cross-Site Request Forgery (CSRF) vulnerability in Kylephillips Nested Pages: The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | 8.1 |
2021-08-30 | CVE-2020-18123 | Cross-Site Request Forgery (CSRF) vulnerability in Indexhibit 2.1.5: A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | 6.5 |
2021-08-30 | CVE-2020-18124 | Cross-Site Request Forgery (CSRF) vulnerability in Indexhibit 2.1.5: A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | 5.7 |
2021-08-29 | CVE-2021-40172 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2: Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | 8.8 |