Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-09 | CVE-2019-19685 | Cross-Site Request Forgery (CSRF) vulnerability in Nopcommerce 4.20 RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | 8.8 |
| 2019-12-04 | CVE-2019-16752 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. | 4.3 |
| 2019-12-04 | CVE-2019-18346 | Cross-Site Request Forgery (CSRF) vulnerability in Davical A CSRF issue was discovered in DAViCal through 1.1.8. | 8.8 |
| 2019-12-02 | CVE-2019-19516 | Cross-Site Request Forgery (CSRF) vulnerability in Intelbras WRN 150 Firmware 1.0.18 Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. | 6.5 |
| 2019-11-28 | CVE-2019-19375 | Cross-Site Request Forgery (CSRF) vulnerability in Octopus Deploy In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. | 5.3 |
| 2019-11-26 | CVE-2019-17590 | Cross-Site Request Forgery (CSRF) vulnerability in CSRF Magic Project CSRF Magic 20160327 The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. | 8.8 |
| 2019-11-26 | CVE-2019-18677 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). | 6.1 |
| 2019-11-26 | CVE-2019-16002 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
| 2019-11-26 | CVE-2011-3609 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Application Server 7.0.0/7.0.1/7.0.2 A CSRF issue was found in JBoss Application Server 7 before 7.1.0. | 6.5 |
| 2019-11-22 | CVE-2013-6811 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dsl6740U Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. | 8.8 |