Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-23 | CVE-2021-3728 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 |
| 2021-08-23 | CVE-2021-3729 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 |
| 2021-08-23 | CVE-2021-3730 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 |
| 2021-08-23 | CVE-2021-39243 | Cross-Site Request Forgery (CSRF) vulnerability in Altus products Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. | 6.5 |
| 2021-08-20 | CVE-2020-24130 | Cross-Site Request Forgery (CSRF) vulnerability in Ponzu-Cms Ponzu 0.11.0 A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | 8.1 |
| 2021-08-19 | CVE-2020-20642 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | 8.8 |
| 2021-08-19 | CVE-2021-28490 | Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 3.1.0/4.0 In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | 8.8 |
| 2021-08-19 | CVE-2021-34645 | Cross-Site Request Forgery (CSRF) vulnerability in Wpeasycart Shopping Cart & Ecommerce Store The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0. | 8.8 |
| 2021-08-18 | CVE-2020-19669 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | 8.8 |
| 2021-08-18 | CVE-2021-20758 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors. | 8.0 |