Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-03-02 | CVE-2015-1583 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor 2.2 | Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. | network | low | atutor | CWE-352 | 8.8 |
| 2020-02-27 | CVE-2020-5402 | Cross-Site Request Forgery (CSRF) vulnerability in Cloudfoundry Cf-Deployment | In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | network | low | cloudfoundry | CWE-352 | 8.8 |
| 2020-02-26 | CVE-2019-4726 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low | ibm | CWE-352 | 4.3 |
| 2020-02-26 | CVE-2019-19987 | Cross-Site Request Forgery (CSRF) vulnerability in Seling Visual Access Manager 4.15.0/4.29.0 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. | network | low | seling | CWE-352 | 6.5 |
| 2020-02-25 | CVE-2020-9394 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Pricing Table BY Supsystic 1.8.0/1.8.1 | An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. | network | low | supsystic | CWE-352 | 8.8 |
| 2020-02-25 | CVE-2020-9018 | Cross-Site Request Forgery (CSRF) vulnerability in Litecart | LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. | network | low | litecart | CWE-352 | 5.3 |
| 2020-02-24 | CVE-2019-20480 | Cross-Site Request Forgery (CSRF) vulnerability in Miele XGW 3000 Zigbee Gateway Firmware | In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection. | network | low | miele | CWE-352 | 8.8 |
| 2020-02-22 | CVE-2020-9341 | Cross-Site Request Forgery (CSRF) vulnerability in Auieo Candidats 2.1.0 | CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | network | low | auieo | CWE-352 | 8.8 |
| 2020-02-20 | CVE-2012-2629 | Cross-Site Request Forgery (CSRF) vulnerability in Axous 1.1.1 | Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. | network | low | axous | CWE-352 | 8.8 |
| 2020-02-19 | CVE-2020-3114 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Network Manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | network | low | cisco | CWE-352 | 8.8 |