Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-11-01 CVE-2018-6907 Cross-Site Request Forgery (CSRF) vulnerability in Rainmachine web Application
A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.
network
low complexity
rainmachine CWE-352
8.8
8.8
2018-10-30 CVE-2018-18842 Cross-Site Request Forgery (CSRF) vulnerability in Zblogcn Z-Blogphp 1.5.2.1935(Zero)
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
network
low complexity
zblogcn CWE-352
8.8
8.8
2018-10-29 CVE-2018-18742 Cross-Site Request Forgery (CSRF) vulnerability in Sem-Cms Semcms 3.4
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
network
low complexity
sem-cms CWE-352
8.8
8.8
2018-10-29 CVE-2018-18735 Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish Blog 2.0.33
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.
network
low complexity
catfish-cms CWE-352
8.8
8.8
2018-10-29 CVE-2018-18734 Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish CMS 4.8.30
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.
network
low complexity
catfish-cms CWE-352
8.8
8.8
2018-10-29 CVE-2018-18712 Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0
An issue was discovered in WUZHI CMS 4.1.0.
network
low complexity
wuzhicms CWE-352
8.8
8.8
2018-10-29 CVE-2018-18711 Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0
An issue was discovered in WUZHI CMS 4.1.0.
network
low complexity
wuzhicms CWE-352
8.8
8.8
2018-10-19 CVE-2018-18420 Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
network
low complexity
tribalsystems CWE-352
8.8
8.8
2018-10-18 CVE-2015-4630 Cross-Site Request Forgery (CSRF) vulnerability in Koha
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl.
network
low complexity
koha CWE-352
8.0
8.0
2018-10-18 CVE-2018-12370 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In Reader View SameSite cookie protections are not checked on exiting.
network
low complexity
canonical mozilla CWE-352
8.8
8.8