Cross-Site Request Forgery (CSRF) vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2019-10-23 | CVE-2019-18220 | Cross-Site Request Forgery (CSRF) vulnerability in Sitemagic 4.4.1
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests.
network | low complexity | sitemagic CWE-352 | 8.8

2019-10-23 | CVE-2019-10471 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Libvirt Slaves
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network | low complexity | jenkins CWE-352 | 8.8

2019-10-23 | CVE-2019-10468 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Kubernetes CI
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network | low complexity | jenkins CWE-352 | 8.8

2019-10-23 | CVE-2019-10464 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Deploy Weblogic
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.
network | low complexity | jenkins CWE-352 | 8.8

2019-10-23 | CVE-2019-10462 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Dynatrace Application Monitoring
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
network | low complexity | jenkins CWE-352 | 8.1

2019-10-22 | CVE-2015-9498 | Cross-Site Request Forgery (CSRF) vulnerability in Wpserveur WPS Hide Login 1.0
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
network | low complexity | wpserveur CWE-352 | 8.8

2019-10-22 | CVE-2015-9497 | Cross-Site Request Forgery (CSRF) vulnerability in AD Inserter Project AD Inserter
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
network | low complexity | ad-inserter-project CWE-352 | 8.8

2019-10-18 | CVE-2019-17367 | Cross-Site Request Forgery (CSRF) vulnerability in Openwrt 18
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
network | low complexity | openwrt CWE-352 | 8.8

2019-10-17 | CVE-2019-17118 | Cross-Site Request Forgery (CSRF) vulnerability in Wikidsystems 2FA Enterprise Server
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices.
network | low complexity | wikidsystems CWE-352 | 8.8

2019-10-17 | CVE-2019-17676 | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 7.0.0
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.
network | low complexity | metinfo CWE-352 | 8.8