Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-27557 | Cross-Site Request Forgery (CSRF) vulnerability in Easycorp Zentao 12.5.3 A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | 4.3 |
| 2021-08-30 | CVE-2021-38342 | Cross-Site Request Forgery (CSRF) vulnerability in Kylephillips Nested Pages The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | 8.1 |
| 2021-08-30 | CVE-2020-18123 | Cross-Site Request Forgery (CSRF) vulnerability in Indexhibit 2.1.5 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | 6.5 |
| 2021-08-30 | CVE-2020-18124 | Cross-Site Request Forgery (CSRF) vulnerability in Indexhibit 2.1.5 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | 5.7 |
| 2021-08-29 | CVE-2021-40172 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | 8.8 |
| 2021-08-29 | CVE-2021-40173 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Cloud Security Plus 4.0/4.1 Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | 8.8 |
| 2021-08-29 | CVE-2021-40174 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | 8.8 |
| 2021-08-25 | CVE-2021-28070 | Cross-Site Request Forgery (CSRF) vulnerability in Popojicms 2.0.1 Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. | 4.3 |
| 2021-08-24 | CVE-2020-18917 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | 8.8 |
| 2021-08-24 | CVE-2021-23431 | Cross-Site Request Forgery (CSRF) vulnerability in Joplinapp Joplin The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. | 8.8 |