Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-10310 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ansible Tower
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
2019-04-30 CVE-2019-10307 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Static Analysis Utilities
A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.
network
low complexity
jenkins CWE-352
6.5
2019-04-29 CVE-2018-5123 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
network
low complexity
mozilla CWE-352
8.8
2019-04-26 CVE-2015-9284 Cross-Site Request Forgery (CSRF) vulnerability in Omniauth
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user.
network
low complexity
omniauth CWE-352
8.8
2019-04-22 CVE-2019-11456 Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.10.1
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
network
low complexity
gilacms CWE-352
8.8
2019-04-22 CVE-2019-11416 Cross-Site Request Forgery (CSRF) vulnerability in Intelbras IWR 3000N Firmware 1.5.0
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
network
low complexity
intelbras CWE-352
8.8
2019-04-20 CVE-2019-11375 Cross-Site Request Forgery (CSRF) vulnerability in Meisivod Msvod 10
Msvod v10 has a CSRF vulnerability that allows changing user information via the admin/member/edit.html URI.
network
low complexity
meisivod CWE-352
6.5
2019-04-20 CVE-2019-11374 Cross-Site Request Forgery (CSRF) vulnerability in 74Cms 5.0.1
74CMS v5.0.1 has a CSRF vulnerability that allows adding a new admin user via the index.php?m=Admin&c=admin&a=add URI.
network
low complexity
74cms CWE-352
8.8
2019-04-18 CVE-2019-3718 Cross-Site Request Forgery (CSRF) vulnerability in Dell Supportassist
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability.
network
low complexity
dell CWE-352
8.8
2019-04-18 CVE-2019-10304 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xebialabs XL Deploy
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.
network
low complexity
jenkins CWE-352
6.5