Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2020-4826 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-02-03 | CVE-2020-9388 | Cross-Site Request Forgery (CSRF) vulnerability in Squaredup 4.6 CSRF protection was not present in SquaredUp before version 4.6.0. | 6.5 |
| 2021-02-03 | CVE-2021-25765 | Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | 8.8 |
| 2021-02-01 | CVE-2020-24271 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.6 A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | 8.8 |
| 2021-01-29 | CVE-2020-29004 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | 8.8 |
| 2021-01-29 | CVE-2020-28403 | Cross-Site Request Forgery (CSRF) vulnerability in Iris Star 2019.2.0.6 A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. | 8.8 |
| 2021-01-28 | CVE-2020-13569 | Cross-Site Request Forgery (CSRF) vulnerability in Open-Emr Openemr 5.0.2 A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). | 8.8 |
| 2021-01-28 | CVE-2021-20621 | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wg2600Hp2 Firmware and Wg2600Hp Firmware Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2021-01-26 | CVE-2020-35239 | Cross-Site Request Forgery (CSRF) vulnerability in Cakefoundation Cakephp A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. | 8.8 |
| 2021-01-25 | CVE-2021-21275 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. | 4.3 |