Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-28 | CVE-2020-13642 | Cross-Site Request Forgery (CSRF) vulnerability in Siteorigin Page Builder: An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. | 8.8 |
2020-05-28 | CVE-2020-13641 | Cross-Site Request Forgery (CSRF) vulnerability in Infolific Real-Time Find and Replace: An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. | 8.8 |
2020-05-26 | CVE-2020-8168 | Cross-Site Request Forgery (CSRF) vulnerability in UI Airos: We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. | 8.8 |
2020-05-25 | CVE-2020-13458 | Cross-Site Request Forgery (CSRF) vulnerability in Verbb Image Resizer: An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. | 8.8 |
2020-05-22 | CVE-2020-13416 | Cross-Site Request Forgery (CSRF) vulnerability in Aviatrix Controller: An issue was discovered in Aviatrix Controller before 5.4.1066. | 6.5 |
2020-05-22 | CVE-2020-13412 | Cross-Site Request Forgery (CSRF) vulnerability in Aviatrix Controller: An issue was discovered in Aviatrix Controller before 5.4.1204. | 8.8 |
2020-05-21 | CVE-2020-1103 | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft products: An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | 6.5 |
2020-05-21 | CVE-2019-20804 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS: Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. | 8.8 |
2020-05-20 | CVE-2020-13231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | 6.5 |
2020-05-19 | CVE-2020-4286 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |