Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2020-02-18 CVE-2020-6844 Cross-Site Request Forgery (CSRF) vulnerability in Topmanage OLK Webstore 2020
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts.
network
low complexity
topmanage CWE-352
8.8
2020-02-18 CVE-2013-4227 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Persona
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type.
network
low complexity
mozilla CWE-352
8.8
2020-02-18 CVE-2020-5530 Cross-Site Request Forgery (CSRF) vulnerability in Realestateconnected Easy Property Listings
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
realestateconnected CWE-352
8.8
2020-02-14 CVE-2013-4792 Cross-Site Request Forgery (CSRF) vulnerability in Prestashop
PrestaShop before 1.4.11 allows logout CSRF.
network
low complexity
prestashop CWE-352
5.5
2020-02-12 CVE-2020-1977 Cross-Site Request Forgery (CSRF) vulnerability in Paloaltonetworks Expedition Migration Tool
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool.
network
low complexity
paloaltonetworks CWE-352
8.8
2020-02-12 CVE-2020-2116 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Github Notify Step
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
2020-02-12 CVE-2019-20100 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF).
network
low complexity
atlassian CWE-352
4.7
2020-02-12 CVE-2019-20099 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF).
network
low complexity
atlassian CWE-352
4.3
2020-02-12 CVE-2019-20098 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF).
network
low complexity
atlassian CWE-352
4.3
2020-02-11 CVE-2012-6721 Cross-Site Request Forgery (CSRF) vulnerability in Socialengine 4.2.2
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4.
network
low complexity
socialengine CWE-352
6.3