Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-05-06 | CVE-2019-5430 | Cross-Site Request Forgery (CSRF) vulnerability in UI Unifi Video | In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user to access an attacker-controlled page. | 8.8 |
2019-05-03 | CVE-2019-1857 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products | A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 8.8 |
2019-05-03 | CVE-2019-1713 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Adaptive Security Appliance Software | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
2019-04-30 | CVE-2019-11617 | Cross-Site Request Forgery (CSRF) vulnerability in Doorgets CMS 7.0 | doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. | 8.8 |
2019-04-30 | CVE-2018-15206 | Cross-Site Request Forgery (CSRF) vulnerability in Bpcbt Smartvista 2 | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | 8.8 |
2019-04-30 | CVE-2018-14930 | Cross-Site Request Forgery (CSRF) vulnerability in Polarisft Intellect Core Banking 9.7.1 | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. | 8.8 |
2019-04-30 | CVE-2019-10315 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Authentication | Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | 8.8 |
2019-04-30 | CVE-2019-10310 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ansible Tower | A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-04-30 | CVE-2019-10307 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Static Analysis Utilities | A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users. | 6.5 |
2019-04-29 | CVE-2018-5123 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla | A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4. | 8.8 |