Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2020-7210 | Cross-Site Request Forgery (CSRF) vulnerability in Umbraco CMS 8.2.2 Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. | 4.3 |
| 2020-01-22 | CVE-2011-3612 | Cross-Site Request Forgery (CSRF) vulnerability in Usebb Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. | 8.8 |
| 2020-01-22 | CVE-2011-3582 | Cross-Site Request Forgery (CSRF) vulnerability in Anelectron Advanced Electron Forums 1.0.9 A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions. | 8.8 |
| 2020-01-21 | CVE-2020-6849 | Cross-Site Request Forgery (CSRF) vulnerability in Hutchhouse Marketo Forms and Tracking 1.0.0/1.0.1/1.0.2 The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. | 8.8 |
| 2020-01-21 | CVE-2019-3864 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Quay A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. | 8.8 |
| 2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 5.3 |
| 2020-01-15 | CVE-2019-19854 | Cross-Site Request Forgery (CSRF) vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 8.8 |
| 2020-01-15 | CVE-2019-18271 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Vision 2017/2019 OSIsoft PI Vision, All versions of PI Vision prior to 2019. | 8.8 |
| 2020-01-15 | CVE-2020-2098 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sounds A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |
| 2020-01-15 | CVE-2020-2093 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Health Advisor BY Cloudbees A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. | 8.8 |