Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-12 | CVE-2020-21141 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.15: iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | 8.8 |
2021-11-10 | CVE-2020-28137 | Cross-Site Request Forgery (CSRF) vulnerability in Genexis Platinum 4410 Firmware P4410V21.28: Cross-site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28 allows attackers to cause a denial of service by continuously restarting the router. | 6.5 |
2021-11-10 | CVE-2021-40518 | Cross-Site Request Forgery (CSRF) vulnerability in Airangel products: Airangel HSMX Gateway devices through 5.2.04 allow CSRF. | 6.5 |
2021-11-10 | CVE-2021-41426 | Cross-Site Request Forgery (CSRF) vulnerability in Beeline Smart BOX Firmware 2.0.38: Beeline Smart box 2.0.38 is vulnerable to Cross-Site Request Forgery (CSRF) via mgt_end_user.htm. | 8.8 |
2021-11-08 | CVE-2021-24674 | Cross-Site Request Forgery (CSRF) vulnerability in Genie WP Favicon Project Genie WP Favicon: The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF checks in place when updating the favicon, which could allow attackers to make a logged-in admin change it via a CSRF attack. | 6.5 |
2021-11-08 | CVE-2021-24806 | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpdiscuz: The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow an attacker to make logged-in users such as an admin edit and delete arbitrary comments, or make the user who wrote a comment edit it, via a CSRF attack. | 4.3 |
2021-11-08 | CVE-2021-24832 | Cross-Site Request Forgery (CSRF) vulnerability in WP SEO Redirect 301 Project WP SEO Redirect 301: The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF checks in place when deleting redirects, which could allow attackers to make a logged-in admin delete them via a CSRF attack. | 4.3 |
2021-11-04 | CVE-2020-21139 | Cross-Site Request Forgery (CSRF) vulnerability in EC Cloud E-Commerce System Project EC Cloud E-Commerce System 1.3: EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. | 6.5 |
2021-11-04 | CVE-2021-34773 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. | 6.5 |
2021-11-02 | CVE-2020-23686 | Cross-Site Request Forgery (CSRF) vulnerability in Ayacms Project Ayacms 3.1.2: Cross-site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrator's password or have other unspecified impacts. | 8.8 |