Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-20102 | Cross-Site Request Forgery (CSRF) vulnerability in Machform Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. | 8.8 |
| 2021-06-29 | CVE-2021-20580 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-06-22 | CVE-2020-18648 | Cross-Site Request Forgery (CSRF) vulnerability in Juqingcms 1.0 Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add". | 8.8 |
| 2021-06-22 | CVE-2021-34244 | Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 29.0.0.Os A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords. | 8.8 |
| 2021-06-21 | CVE-2020-20468 | Cross-Site Request Forgery (CSRF) vulnerability in White Shark Systems Project White Shark Systems 1.3.2 White Shark System (WSS) 1.3.2 is vulnerable to CSRF. | 6.5 |
| 2021-06-17 | CVE-2021-32424 | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tw100-S4W1Ca Firmware 2.3.32 In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. | 8.8 |
| 2021-06-17 | CVE-2020-36389 | Cross-Site Request Forgery (CSRF) vulnerability in Civicrm In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. | 4.3 |
| 2021-06-16 | CVE-2020-35759 | Cross-Site Request Forgery (CSRF) vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). | 6.5 |
| 2021-06-11 | CVE-2020-13663 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | 8.8 |
| 2021-06-10 | CVE-2021-21665 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xebialabs XL Deploy A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 8.8 |