Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-12-05 CVE-2018-1002103 Cross-Site Request Forgery (CSRF) vulnerability in Kubernetes Minikube
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000.
network
low complexity
kubernetes CWE-352
8.8
8.8
2018-12-04 CVE-2018-16634 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.7
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
network
low complexity
pluck-cms CWE-352
8.8
8.8
2018-11-30 CVE-2018-1927 Cross-Site Request Forgery (CSRF) vulnerability in IBM Storediq
IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2018-11-28 CVE-2018-19621 Cross-Site Request Forgery (CSRF) vulnerability in Showdoc 2.4.2
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
network
low complexity
showdoc CWE-352
6.5
6.5
2018-11-27 CVE-2018-14892 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
network
low complexity
zyxel CWE-352
8.8
8.8
2018-11-26 CVE-2018-16854 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier.
network
low complexity
moodle CWE-352
8.8
8.8
2018-11-26 CVE-2018-19561 Cross-Site Request Forgery (CSRF) vulnerability in Sikcms 1.1
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.
network
low complexity
sikcms CWE-352
8.8
8.8
2018-11-26 CVE-2018-19560 Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
network
low complexity
bagesoft CWE-352
8.8
8.8
2018-11-26 CVE-2018-19555 Cross-Site Request Forgery (CSRF) vulnerability in Tp4A Teleport 3.1.0
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.
network
low complexity
tp4a CWE-352
8.8
8.8
2018-11-26 CVE-2018-19545 Cross-Site Request Forgery (CSRF) vulnerability in Jeecms 9.3
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
network
low complexity
jeecms CWE-352
8.8
8.8