Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-2273 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Elastest
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
2020-09-16 CVE-2020-2268 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mongodb
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
network
low complexity
jenkins CWE-352
8.8
2020-09-15 CVE-2020-25453 Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS
An issue was discovered in BlackCat CMS before 1.4.
network
low complexity
blackcat-cms CWE-352
8.8
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2020-09-15 CVE-2020-23451 Cross-Site Request Forgery (CSRF) vulnerability in Spiceworks
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
network
low complexity
spiceworks CWE-352
8.8
2020-09-14 CVE-2020-10229 Cross-Site Request Forgery (CSRF) vulnerability in Vtenext 19
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
network
low complexity
vtenext CWE-352
8.8
2020-09-11 CVE-2020-23824 Cross-Site Request Forgery (CSRF) vulnerability in Argosoft Mail Server 1.8.8.9
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution.
network
low complexity
argosoft CWE-352
8.8
2020-09-11 CVE-2018-19948 Cross-Site Request Forgery (CSRF) vulnerability in Qnap Helpdesk
The vulnerability have been reported to affect earlier versions of Helpdesk.
network
low complexity
qnap CWE-352
6.5
2020-09-11 CVE-2020-25252 Cross-Site Request Forgery (CSRF) vulnerability in Hyland Onbase
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below.
network
low complexity
hyland CWE-352
8.8
2020-09-10 CVE-2020-24739 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account.
network
low complexity
idreamsoft CWE-352
6.5