Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-13786 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
network
low complexity
dlink CWE-352
8.8
2020-06-03 CVE-2020-2196 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Selenium
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
network
low complexity
jenkins CWE-352
8.0
2020-06-03 CVE-2020-2192 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Self-Organizing Swarm Modules
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
network
low complexity
jenkins CWE-352
6.5
2020-06-02 CVE-2020-13760 Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla!
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
network
low complexity
joomla CWE-352
8.8
2020-06-01 CVE-2014-8942 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Lexiglot
Lexiglot through 2014-11-20 allows CSRF.
network
low complexity
piwigo CWE-352
8.8
2020-06-01 CVE-2020-4018 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Crucible
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
8.8
2020-05-28 CVE-2020-13643 Cross-Site Request Forgery (CSRF) vulnerability in Siteorigin Page Builder
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress.
network
low complexity
siteorigin CWE-352
8.8
2020-05-28 CVE-2020-13642 Cross-Site Request Forgery (CSRF) vulnerability in Siteorigin Page Builder
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress.
network
low complexity
siteorigin CWE-352
8.8
2020-05-28 CVE-2020-13641 Cross-Site Request Forgery (CSRF) vulnerability in Infolific Real-Time Find and Replace
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress.
network
low complexity
infolific CWE-352
8.8
2020-05-26 CVE-2020-8168 Cross-Site Request Forgery (CSRF) vulnerability in UI Airos
We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF); as a result, authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page.
network
low complexity
ui CWE-352
8.8