Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-04-08 | CVE-2018-2000 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products | IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | CWE-352 | 8.8 |
| 2019-04-05 | CVE-2019-10888 | Cross-Site Request Forgery (CSRF) vulnerability in Ukcms 1.1.10 | A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html. | network | low complexity | ukcms | CWE-352 | 8.8 |
| 2019-04-05 | CVE-2019-10874 | Cross-Site Request Forgery (CSRF) vulnerability in Boltcms Bolt 3.6.6 | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | network | low complexity | boltcms | CWE-352 | 8.8 |
| 2019-04-04 | CVE-2019-10292 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Kmap | A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2019-04-04 | CVE-2019-10289 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Netsparker Cloud Scan | A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2019-04-04 | CVE-2019-10278 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jenkins-Reviewbot | A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2019-04-04 | CVE-2019-1003098 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openid | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2019-04-04 | CVE-2019-1003092 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Nomad | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2019-04-04 | CVE-2019-1003090 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Soasta Cloudtest | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2019-04-04 | CVE-2019-1003086 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Chef Sinatra | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |