Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-10-10 | CVE-2019-17495 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. | 9.8 |
2019-10-10 | CVE-2019-17386 | Cross-Site Request Forgery (CSRF) vulnerability in Eleopard Animate It! | The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. | 8.8 |
2019-10-10 | CVE-2019-17431 | Cross-Site Request Forgery (CSRF) vulnerability in Fastadmin 1.0.0.20190705 | An issue was discovered in fastadmin 1.0.0.20190705_beta. | 8.8 |
2019-10-09 | CVE-2019-13529 | Cross-Site Request Forgery (CSRF) vulnerability in SMA Sunny Webbox Firmware 1.6 | An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. | 8.8 |
2019-10-09 | CVE-2019-17369 | Cross-Site Request Forgery (CSRF) vulnerability in Otcms 3.85 | OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. | 6.5 |
2019-10-07 | CVE-2015-9455 | Cross-Site Request Forgery (CSRF) vulnerability in Incsub Buddypress-Activity-Plus | The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | 8.1 |
2019-10-06 | CVE-2019-17217 | Cross-Site Request Forgery (CSRF) vulnerability in Vzug Combi-Stream Mslq Firmware Ethernetr07 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. | 8.8 |
2019-10-02 | CVE-2019-1915 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products | A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
2019-10-02 | CVE-2019-15040 | Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | 8.8 |
2019-09-30 | CVE-2019-16993 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. | 8.8 |