Cross-Site Request Forgery (CSRF) Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2019-20480 Cross-Site Request Forgery (CSRF) vulnerability in Miele XGW 3000 Zigbee Gateway Firmware
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.
network
low complexity
miele CWE-352
8.8
2020-02-22 CVE-2020-9341 Cross-Site Request Forgery (CSRF) vulnerability in Auieo Candidats 2.1.0
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
network
low complexity
auieo CWE-352
8.8
2020-02-20 CVE-2012-2629 Cross-Site Request Forgery (CSRF) vulnerability in Axous 1.1.1
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php.
network
low complexity
axous CWE-352
8.8
2020-02-19 CVE-2020-3114 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Network Manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.8
2020-02-19 CVE-2019-12437 Cross-Site Request Forgery (CSRF) vulnerability in Silverstripe
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
network
low complexity
silverstripe CWE-352
8.8
2020-02-19 CVE-2019-12246 Cross-Site Request Forgery (CSRF) vulnerability in Silverstripe
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.
network
low complexity
silverstripe CWE-352
4.3
2020-02-18 CVE-2020-9271 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
network
low complexity
icehrm CWE-352
6.5
2020-02-18 CVE-2020-9270 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
network
low complexity
icehrm CWE-352
8.8
2020-02-18 CVE-2020-9267 Cross-Site Request Forgery (CSRF) vulnerability in Soplanning 1.45
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
network
low complexity
soplanning CWE-352
6.5
2020-02-18 CVE-2020-9266 Cross-Site Request Forgery (CSRF) vulnerability in Soplanning 1.45
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
network
low complexity
soplanning CWE-352
6.5