Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-02-03 | CVE-2021-25765 | Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | network, low complexity, jetbrains, CWE-352 | 8.8 |
| 2021-02-01 | CVE-2020-24271 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.6 | A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through `index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent`, then post `username=***&password=***`. | network, low complexity, easycms, CWE-352 | 8.8 |
| 2021-01-29 | CVE-2020-29004 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | network, low complexity, mediawiki, CWE-352 | 8.8 |
| 2021-01-29 | CVE-2020-28403 | Cross-Site Request Forgery (CSRF) vulnerability in Iris Star 2019.2.0.6 | A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. | network, low complexity, iris, CWE-352 | 8.8 |
| 2021-01-28 | CVE-2020-13569 | Cross-Site Request Forgery (CSRF) vulnerability in Open-Emr Openemr 5.0.2 | A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). | network, low complexity, open-emr, CWE-352 | 8.8 |
| 2021-01-28 | CVE-2021-20621 | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wg2600Hp2 Firmware and Wg2600Hp Firmware | Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | network, low complexity, aterm, CWE-352 | 8.8 |
| 2021-01-26 | CVE-2020-35239 | Cross-Site Request Forgery (CSRF) vulnerability in Cakephp | A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. | network, low complexity, cakephp, CWE-352 | 8.8 |
| 2021-01-25 | CVE-2021-21275 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. | network, low complexity, report-project, oracle, CWE-352 | 4.3 |
| 2021-01-22 | CVE-2020-12511 | Cross-Site Request Forgery (CSRF) vulnerability in Pepperl-Fuchs products | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. | network, low complexity, pepperl-fuchs, CWE-352 | 8.8 |
| 2021-01-20 | CVE-2021-1257 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. | network, low complexity, cisco, mcafee, CWE-352 | 8.8 |