Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2021-32776 Cross-Site Request Forgery (CSRF) vulnerability in Combodo Itop
Combodo iTop is a web based IT Service Management tool.
network
low complexity
combodo CWE-352
8.8
8.8
2021-07-21 CVE-2021-21407 Cross-Site Request Forgery (CSRF) vulnerability in Combodo Itop
Combodo iTop is an open source, web based IT Service Management tool.
network
low complexity
combodo CWE-352
6.5
6.5
2021-07-21 CVE-2021-34619 Cross-Site Request Forgery (CSRF) vulnerability in Storeapps Stock Manager for Woocommerce
The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
network
low complexity
storeapps CWE-352
8.8
8.8
2021-07-20 CVE-2020-15660 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Geckodriver
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.
network
low complexity
mozilla CWE-352
8.8
8.8
2021-07-20 CVE-2021-32774 Cross-Site Request Forgery (CSRF) vulnerability in Miraheze Datadump
DataDump is a MediaWiki extension that provides dumps of wikis.
network
low complexity
miraheze CWE-352
5.4
5.4
2021-07-16 CVE-2020-4675 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server 11.6
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
6.5
2021-07-14 CVE-2020-18151 Cross-Site Request Forgery (CSRF) vulnerability in Thinkcmf 5.1.0
Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.
network
low complexity
thinkcmf CWE-352
6.5
6.5
2021-07-14 CVE-2020-27379 Cross-Site Request Forgery (CSRF) vulnerability in Bookingcore Booking Core 1.7.0
Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 .
network
low complexity
bookingcore CWE-352
6.5
6.5
2021-07-14 CVE-2021-20781 Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
pluginus CWE-352
8.8
8.8
2021-07-14 CVE-2021-20782 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-352
8.8
8.8