Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-24373 Cross-Site Request Forgery (CSRF) vulnerability in Free products
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
network
low complexity
free CWE-352
8.8
8.8
2020-09-16 CVE-2020-13259 Cross-Site Request Forgery (CSRF) vulnerability in RAD Secflow-1V Firmware Osimagesf02902.3.01.26
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
rad CWE-352
8.8
8.8
2020-09-16 CVE-2020-25015 Cross-Site Request Forgery (CSRF) vulnerability in Genexis Platinum 4410 Firmware P4410V21.28
A specific router allows changing the Wi-Fi password remotely.
network
low complexity
genexis CWE-352
6.5
6.5
2020-09-16 CVE-2020-2273 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Elastest
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
4.3
2020-09-16 CVE-2020-2268 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mongodb
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
network
low complexity
jenkins CWE-352
8.8
8.8
2020-09-15 CVE-2020-25453 Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS
An issue was discovered in BlackCat CMS before 1.4.
network
low complexity
blackcat-cms CWE-352
8.8
8.8
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
4.3
2020-09-15 CVE-2020-23451 Cross-Site Request Forgery (CSRF) vulnerability in Spiceworks
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
network
low complexity
spiceworks CWE-352
8.8
8.8
2020-09-14 CVE-2020-10229 Cross-Site Request Forgery (CSRF) vulnerability in Vtenext 19
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
network
low complexity
vtenext CWE-352
8.8
8.8
2020-09-11 CVE-2020-23824 Cross-Site Request Forgery (CSRF) vulnerability in Argosoft Mail Server 1.8.8.9
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution.
network
low complexity
argosoft CWE-352
8.8
8.8