Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-11-02 | CVE-2021-29888 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ibm | CWE-352 | 8.8 (network, low complexity) |
| 2021-11-01 | CVE-2021-24799 | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq FAR Future Expiry Header | The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | tipsandtricks-hq | CWE-352 | 4.3 (network, low complexity) |
| 2021-11-01 | CVE-2021-24809 | Cross-Site Request Forgery (CSRF) vulnerability in Wordplus Better Messages | The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. | wordplus | CWE-352 | 8.8 (network, low complexity) |
| 2021-10-27 | CVE-2021-3900 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | firefly-iii | CWE-352 | 6.5 (network, low complexity) |
| 2021-10-21 | CVE-2021-20120 | Cross-Site Request Forgery (CSRF) vulnerability in Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01112320193.0A.Nsh | The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. | commscope | CWE-352 | 8.8 (network, low complexity) |
| 2021-10-21 | CVE-2021-34743 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings | A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. | cisco | CWE-352 | 7.1 (network, low complexity) |
| 2021-10-21 | CVE-2021-39126 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Data Center and Jira Server | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. | atlassian | CWE-352 | 6.5 (network, low complexity) |
| 2021-10-21 | CVE-2021-42097 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. | gnu, debian | CWE-352 | 8.0 (network, low complexity) |
| 2021-10-20 | CVE-2021-21745 | Cross-Site Request Forgery (CSRF) vulnerability in ZTE Mf971R Firmware | ZTE MF971R product has a Referer authentication bypass vulnerability. | zte | CWE-352 | 4.3 (network, low complexity) |
| 2021-10-19 | CVE-2021-3858 | Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | snipeitapp | CWE-352 | 8.8 (network, low complexity) |