Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2020-23127 | Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.10 Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | 8.8 |
| 2021-05-05 | CVE-2020-36334 | Cross-Site Request Forgery (CSRF) vulnerability in Themegrill Demo Importer themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | 8.8 |
| 2021-05-03 | CVE-2021-29238 | Cross-Site Request Forgery (CSRF) vulnerability in Codesys Automation Server CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | 8.8 |
| 2021-04-29 | CVE-2021-30224 | Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.8.3 Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | 8.8 |
| 2021-04-27 | CVE-2020-21989 | Cross-Site Request Forgery (CSRF) vulnerability in Homeautomation Project Homeautomation 3.3.2 HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). | 8.8 |
| 2021-04-25 | CVE-2021-31762 | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | 8.8 |
| 2021-04-25 | CVE-2021-31760 | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | 8.8 |
| 2021-04-23 | CVE-2021-31584 | Cross-Site Request Forgery (CSRF) vulnerability in Sipwise Next Generation Communication Platform 3.6.4 Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. | 8.8 |
| 2021-04-21 | CVE-2021-21644 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Config File Provider A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | 5.4 |
| 2021-04-14 | CVE-2021-27181 | Cross-Site Request Forgery (CSRF) vulnerability in Altn Mdaemon An issue was discovered in MDaemon before 20.0.4. | 8.8 |