Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2011-0525 | Cross-Site Request Forgery (CSRF) vulnerability in Batavi Batavi before 1.0 has CSRF. | 8.8 |
| 2020-02-05 | CVE-2019-4613 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-02-04 | CVE-2020-8615 | Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). | 6.5 |
| 2020-02-04 | CVE-2019-10784 | Cross-Site Request Forgery (CSRF) vulnerability in PHPpgadmin Project PHPpgadmin phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. | 9.6 |
| 2020-02-04 | CVE-2013-7053 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: cli.cgi CSRF | 8.8 |
| 2020-01-31 | CVE-2020-8505 | Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314 School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. | 6.5 |
| 2020-01-31 | CVE-2020-8504 | Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314 School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. | 6.5 |
| 2020-01-29 | CVE-2019-7654 | Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. | 6.5 |
| 2020-01-29 | CVE-2020-7965 | Cross-Site Request Forgery (CSRF) vulnerability in Webargs Project Webargs flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. | 8.8 |
| 2020-01-28 | CVE-2020-8425 | Cross-Site Request Forgery (CSRF) vulnerability in Cups Easy (Purchase & Inventory) Project Cups Easy (Purchase & Inventory) 1.0 Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php. | 6.5 |