Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2019-13563 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | 8.8 |
| 2019-07-11 | CVE-2019-12363 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb-2Fa Project Mybb-2Fa 20141105 An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. | 8.8 |
| 2019-07-11 | CVE-2019-10340 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Docker A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-07-10 | CVE-2019-12466 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 allows CSRF. | 8.8 |
| 2019-07-10 | CVE-2019-13071 | Cross-Site Request Forgery (CSRF) vulnerability in Cyberpowersystems Powerpanel 3.4.0 CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. | 8.8 |
| 2019-07-10 | CVE-2018-12628 | Cross-Site Request Forgery (CSRF) vulnerability in Eventum Project Eventum An issue was discovered in Eventum 3.5.0. | 8.8 |
| 2019-07-08 | CVE-2019-12923 | Cross-Site Request Forgery (CSRF) vulnerability in Mailenable In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. | 6.5 |
| 2019-07-08 | CVE-2019-13401 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | 8.8 |
| 2019-07-07 | CVE-2019-13183 | Cross-Site Request Forgery (CSRF) vulnerability in Flarum 0.1.0 Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. | 8.8 |
| 2019-07-06 | CVE-2019-13370 | Cross-Site Request Forgery (CSRF) vulnerability in Ignitedcms 1.0.0/1.0.1/20170219 index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. | 8.8 |