Cross-Site Request Forgery (CSRF) Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-01-20 | CVE-2020-28452 | Cross-Site Request Forgery (CSRF) vulnerability in Softwaremill Akka-Http-Session | This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. | softwaremill | CWE-352 | network, low complexity, 8.8 |
| 2021-01-20 | CVE-2020-35217 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X-Web 4.0.0 | Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. | eclipse | CWE-352 | network, low complexity, 8.8 |
| 2021-01-19 | CVE-2020-23342 | Cross-Site Request Forgery (CSRF) vulnerability in Anchorcms Anchor CMS 0.12.7 | A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | anchorcms | CWE-352 | network, low complexity, 8.8 |
| 2021-01-19 | CVE-2020-23522 | Cross-Site Request Forgery (CSRF) vulnerability in Pixelimity 1.0 | Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | pixelimity | CWE-352 | network, low complexity, 6.8 |
| 2021-01-14 | CVE-2020-6776 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware | A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). | bosch | CWE-352 | network, low complexity, 8.8 |
| 2021-01-13 | CVE-2020-35687 | Cross-Site Request Forgery (CSRF) vulnerability in PHP-Fusion PHPfusion 9.03.90 | PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim. | php-fusion | CWE-352 | network, low complexity, 4.3 |
| 2021-01-13 | CVE-2020-36191 | Cross-Site Request Forgery (CSRF) vulnerability in Jupyter Jupyterhub 1.1.0 | JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). | jupyter | CWE-352 | network, low complexity, 4.5 |
| 2021-01-12 | CVE-2021-3133 | Cross-Site Request Forgery (CSRF) vulnerability in Sean-Barton Elementor Contact Form DB | The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. | sean-barton | CWE-352 | network, low complexity, 6.5 |
| 2021-01-11 | CVE-2020-23631 | Cross-Site Request Forgery (CSRF) vulnerability in Wdja CMS 1.5 | Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. | wdja | CWE-352 | network, low complexity, 6.1 |
| 2021-01-11 | CVE-2020-23960 | Cross-Site Request Forgery (CSRF) vulnerability in Fork-Cms Fork CMS | Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale. | fork-cms | CWE-352 | network, low complexity, 8.8 |