Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-31604 | Cross-Site Request Forgery (CSRF) vulnerability in Openvpn-Monitor Project Openvpn-Monitor furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. | 6.5 |
| 2021-09-24 | CVE-2020-20514 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | 8.1 |
| 2021-09-23 | CVE-2020-19951 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.5 A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | 8.8 |
| 2021-09-23 | CVE-2021-29816 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2021-09-23 | CVE-2021-22949 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team" | 5.4 |
| 2021-09-23 | CVE-2021-22950 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team" | 6.5 |
| 2021-09-23 | CVE-2021-22953 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team" | 5.4 |
| 2021-09-20 | CVE-2021-24583 | Cross-Site Request Forgery (CSRF) vulnerability in Motopress Timetable and Event Schedule The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. | 4.3 |
| 2021-09-15 | CVE-2020-21321 | Cross-Site Request Forgery (CSRF) vulnerability in Emlog 6.0.0 emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. | 4.3 |
| 2021-09-15 | CVE-2021-40965 | Cross-Site Request Forgery (CSRF) vulnerability in Tinyfilemanager Project Tinyfilemanager 2.4.6 A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. | 8.8 |