Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-7874 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 6.5 |
| 2019-08-02 | CVE-2019-7873 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 4.3 |
| 2019-08-02 | CVE-2019-7865 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 8.8 |
| 2019-08-02 | CVE-2019-7857 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | 4.3 |
| 2019-08-02 | CVE-2019-7851 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | 6.5 |
| 2019-08-01 | CVE-2013-7473 | Cross-Site Request Forgery (CSRF) vulnerability in Windu CMS 2.2 Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | 8.8 |
| 2019-08-01 | CVE-2018-10899 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Jolokia versions from 1.2 to before 1.6.1. | 8.8 |
| 2019-07-31 | CVE-2019-10186 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. | 8.8 |
| 2019-07-31 | CVE-2019-3959 | Cross-Site Request Forgery (CSRF) vulnerability in Wallaceit Wallacepos 1.4.3 Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 8.8 |
| 2019-07-31 | CVE-2018-20872 | Cross-Site Request Forgery (CSRF) vulnerability in I-Lan Draytekl Firmware DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. | 6.5 |