Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-04-26 | CVE-2015-9284 | Cross-Site Request Forgery (CSRF) vulnerability in Omniauth | The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. | network | low complexity | omniauth | CWE-352 | 8.8 |
| 2019-04-22 | CVE-2019-11456 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.10.1 | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. | network | low complexity | gilacms | CWE-352 | 8.8 |
| 2019-04-22 | CVE-2019-11416 | Cross-Site Request Forgery (CSRF) vulnerability in Intelbras IWR 3000N Firmware 1.5.0 | A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. | network | low complexity | intelbras | CWE-352 | 8.8 |
| 2019-04-20 | CVE-2019-11375 | Cross-Site Request Forgery (CSRF) vulnerability in Meisivod Msvod 10 | Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI. | network | low complexity | meisivod | CWE-352 | 6.5 |
| 2019-04-20 | CVE-2019-11374 | Cross-Site Request Forgery (CSRF) vulnerability in 74Cms 5.0.1 | 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. | network | low complexity | 74cms | CWE-352 | 8.8 |
| 2019-04-18 | CVE-2019-3718 | Cross-Site Request Forgery (CSRF) vulnerability in Dell Supportassist | Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. | network | low complexity | dell | CWE-352 | 8.8 |
| 2019-04-18 | CVE-2019-10304 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xebialabs XL Deploy | A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2019-04-18 | CVE-2019-10300 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gitlab | A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-352 | 8.0 |
| 2019-04-18 | CVE-2018-17168 | Cross-Site Request Forgery (CSRF) vulnerability in Printeron 4.1.4 | PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. | network | low complexity | printeron | CWE-352 | 6.5 |
| 2019-04-18 | CVE-2019-1797 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wireless LAN Controller Software | A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. | network | low complexity | cisco | CWE-352 | 8.8 |