Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-25 | CVE-2020-13458 | Cross-Site Request Forgery (CSRF) vulnerability in Verbb Image Resizer. An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. | 8.8 |
2020-05-22 | CVE-2020-13416 | Cross-Site Request Forgery (CSRF) vulnerability in Aviatrix Controller. An issue was discovered in Aviatrix Controller before 5.4.1066. | 6.5 |
2020-05-22 | CVE-2020-13412 | Cross-Site Request Forgery (CSRF) vulnerability in Aviatrix Controller. An issue was discovered in Aviatrix Controller before 5.4.1204. | 8.8 |
2020-05-21 | CVE-2020-1103 | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft products. An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | 6.5 |
2020-05-21 | CVE-2019-20804 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS. Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. | 8.8 |
2020-05-20 | CVE-2020-13231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | 6.5 |
2020-05-19 | CVE-2020-4286 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products. IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2020-05-18 | CVE-2020-12257 | Cross-Site Request Forgery (CSRF) vulnerability in Rconfig 3.9.4. rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. | 8.8 |
2020-05-15 | CVE-2019-20390 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion 4.2.1. A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | 8.1 |
2020-05-14 | CVE-2020-5576 | Cross-Site Request Forgery (CSRF) vulnerability in Sixapart Movable Type. Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |