Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-18 | CVE-2020-13527 | Cross-Site Request Forgery (CSRF) vulnerability in Lantronix SGX Firmware and Xport Edge Firmware An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. | 4.5 |
| 2020-12-17 | CVE-2020-8465 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | 9.8 |
| 2020-12-17 | CVE-2020-8461 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | 8.8 |
| 2020-12-17 | CVE-2020-25095 | Cross-Site Request Forgery (CSRF) vulnerability in Logrhythm Platform Manager 7.4.9 LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. | 8.8 |
| 2020-12-16 | CVE-2020-4904 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager for Multiplatform 3.2.4 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2020-12-16 | CVE-2020-28931 | Cross-Site Request Forgery (CSRF) vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11 Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | 8.8 |
| 2020-12-16 | CVE-2019-14481 | Cross-Site Request Forgery (CSRF) vulnerability in Adremsoft Netcrunch 10.6.0.4587 AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. | 5.4 |
| 2020-12-16 | CVE-2020-25622 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 8.8 |
| 2020-12-14 | CVE-2020-8282 | Cross-Site Request Forgery (CSRF) vulnerability in UI products A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. | 8.8 |
| 2020-12-14 | CVE-2020-28858 | Cross-Site Request Forgery (CSRF) vulnerability in Openasset Digital Asset Management OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions. | 8.8 |