Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-05-10 CVE-2020-23376 Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
network
low complexity
5none CWE-352
6.1
6.1
2021-05-10 CVE-2020-19199 Cross-Site Request Forgery (CSRF) vulnerability in PHPok 5.2.060
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
network
low complexity
phpok CWE-352
8.8
8.8
2021-05-07 CVE-2021-32096 Cross-Site Request Forgery (CSRF) vulnerability in NSA Emissary 5.9.0
The ConsoleAction component of U.S.
network
low complexity
nsa CWE-352
8.8
8.8
2021-05-06 CVE-2020-23264 Cross-Site Request Forgery (CSRF) vulnerability in Fork-Cms Fork CMS
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.
network
low complexity
fork-cms CWE-352
8.8
8.8
2021-05-06 CVE-2020-18889 Cross-Site Request Forgery (CSRF) vulnerability in Puppycms 5.1
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
network
low complexity
puppycms CWE-352
6.5
6.5
2021-05-06 CVE-2020-23127 Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.10
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
network
low complexity
chamilo CWE-352
8.8
8.8
2021-05-05 CVE-2020-36334 Cross-Site Request Forgery (CSRF) vulnerability in Themegrill Demo Importer
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
network
low complexity
themegrill CWE-352
8.8
8.8
2021-05-03 CVE-2021-29238 Cross-Site Request Forgery (CSRF) vulnerability in Codesys Automation Server
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
network
low complexity
codesys CWE-352
8.8
8.8
2021-04-29 CVE-2021-30224 Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.8.3
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.
network
low complexity
rukovoditel CWE-352
8.8
8.8
2021-04-27 CVE-2020-21989 Cross-Site Request Forgery (CSRF) vulnerability in Homeautomation Project Homeautomation 3.3.2
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF).
network
low complexity
homeautomation-project CWE-352
8.8
8.8