Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2020-01-21 | CVE-2019-3864 | Cross-Site Request Forgery (CSRF) vulnerability in Red Hat Quay | A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. | redhat | CWE-352 | 8.8 (network, low complexity) |
| 2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Spring Framework, versions 5.2.x prior to 5.2.3, are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | vmware, oracle | CWE-352 | 5.3 (network, low complexity) |
| 2020-01-15 | CVE-2019-19854 | Cross-Site Request Forgery (CSRF) vulnerability in Serpico Project Serpico 1.3.0 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | serpico-project | CWE-352 | 8.8 (network, low complexity) |
| 2020-01-15 | CVE-2019-18271 | Cross-Site Request Forgery (CSRF) vulnerability in OSIsoft PI Vision 2017/2019 | OSIsoft PI Vision, All versions of PI Vision prior to 2019. | osisoft | CWE-352 | 8.8 (network, low complexity) |
| 2020-01-15 | CVE-2020-2098 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sounds | A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attackers to execute arbitrary OS commands as the OS user account running Jenkins. | jenkins | CWE-352 | 8.8 (network, low complexity) |
| 2020-01-15 | CVE-2020-2093 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Health Advisor by CloudBees | A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. | jenkins | CWE-352 | 8.8 (network, low complexity) |
| 2020-01-15 | CVE-2020-2090 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Amazon EC2 | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | jenkins | CWE-352 | 8.8 (network, low complexity) |
| 2020-01-15 | CVE-2020-5502 | Cross-Site Request Forgery (CSRF) vulnerability in phpBB 3.2.8 | phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships. | phpbb | CWE-352 | 6.5 (network, low complexity) |
| 2020-01-15 | CVE-2020-5501 | Cross-Site Request Forgery (CSRF) vulnerability in phpBB 3.2.8 | phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. | phpbb | CWE-352 | 4.3 (network, low complexity) |
| 2020-01-14 | CVE-2011-2934 | Cross-Site Request Forgery (CSRF) vulnerability in WebsiteBaker | A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions. | websitebaker | CWE-352 | 8.8 (network, low complexity) |