Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-05-17 CVE-2020-18195 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
network
low complexity
pluck-cms CWE-352
8.8
8.8
2021-05-17 CVE-2020-18198 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
network
low complexity
pluck-cms CWE-352
8.8
8.8
2021-05-17 CVE-2021-32402 Cross-Site Request Forgery (CSRF) vulnerability in Intelbras RF 301K Firmware 1.1.2
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
network
low complexity
intelbras CWE-352
8.8
8.8
2021-05-17 CVE-2021-32403 Cross-Site Request Forgery (CSRF) vulnerability in Intelbras RF 301K Firmware 1.1.2
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
network
low complexity
intelbras CWE-352
8.8
8.8
2021-05-15 CVE-2021-32073 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
network
low complexity
dedecms CWE-352
8.8
8.8
2021-05-11 CVE-2020-18964 Cross-Site Request Forgery (CSRF) vulnerability in Forestblog Project Forestblog 20190404
Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
network
low complexity
forestblog-project CWE-352
8.8
8.8
2021-05-11 CVE-2021-21652 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
7.1
7.1
2021-05-11 CVE-2021-21655 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins P4
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
network
low complexity
jenkins CWE-352
7.1
7.1
2021-05-10 CVE-2020-23376 Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
network
low complexity
5none CWE-352
6.1
6.1
2021-05-10 CVE-2020-19199 Cross-Site Request Forgery (CSRF) vulnerability in PHPok 5.2.060
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
network
low complexity
phpok CWE-352
8.8
8.8