Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-03-19 | CVE-2020-10671 | Cross-Site Request Forgery (CSRF) vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0 | The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. | network | low complexity | canon | CWE-352 | 8.8 |
| 2020-03-18 | CVE-2019-12769 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U Managed File Transfer 15.1.5/15.1.6 | SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | network | low complexity | solarwinds | CWE-352 | 8.8 |
| 2020-03-18 | CVE-2020-4199 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 | IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | CWE-352 | 4.3 |
| 2020-03-17 | CVE-2018-21037 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion | Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | network | low complexity | intelliants | CWE-352 | 8.8 |
| 2020-03-16 | CVE-2020-9346 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Password Manager PRO | Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | network | low complexity | zohocorp | CWE-352 | 8.8 |
| 2020-03-16 | CVE-2020-6585 | Cross-Site Request Forgery (CSRF) vulnerability in Nagios 2.1.3 | Nagios Log Server 2.1.3 has CSRF. | network | low complexity | nagios | CWE-352 | 8.8 |
| 2020-03-16 | CVE-2020-10241 | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla! | An issue was discovered in Joomla! before 3.9.16. | network | low complexity | joomla | CWE-352 | 8.8 |
| 2020-03-14 | CVE-2020-10568 | Cross-Site Request Forgery (CSRF) vulnerability in Onthegosystems Sitepress-Multilingual-Cms 2.9.3/3.2.6/4.3.7 | The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. | network | low complexity | onthegosystems | CWE-352 | 8.8 |
| 2020-03-13 | CVE-2019-13199 | Cross-Site Request Forgery (CSRF) vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. | network | low complexity | kyocera | CWE-352 | 6.5 |
| 2020-03-13 | CVE-2019-13170 | Cross-Site Request Forgery (CSRF) vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. | network | low complexity | xerox | CWE-352 | 6.5 |