Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-0439 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server
A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2018-10-05 CVE-2018-17986 Cross-Site Request Forgery (CSRF) vulnerability in Razorcms 3.4.8
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
network
low complexity
razorcms CWE-352
8.8
8.8
2018-10-03 CVE-2018-5921 Cross-Site Request Forgery (CSRF) vulnerability in HP products
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions.
network
low complexity
hp CWE-352
8.8
8.8
2018-10-01 CVE-2018-17869 Cross-Site Request Forgery (CSRF) vulnerability in Dasan H660Gw Firmware
DASAN H660GW devices do not implement any CSRF protection mechanism.
network
low complexity
dasan CWE-352
8.8
8.8
2018-10-01 CVE-2018-15702 Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wrn841N Firmware 0.9.14.16V0348.0
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.
network
low complexity
tp-link CWE-352
8.8
8.8
2018-10-01 CVE-2018-17826 Cross-Site Request Forgery (CSRF) vulnerability in Hisiphp 1.0.8
HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account.
network
low complexity
hisiphp CWE-352
8.8
8.8
2018-09-26 CVE-2018-17081 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.9
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
network
low complexity
e107 CWE-352
4.3
4.3
2018-09-26 CVE-2017-15608 Cross-Site Request Forgery (CSRF) vulnerability in Inedo Proget
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
network
low complexity
inedo CWE-352
6.5
6.5
2018-09-26 CVE-2018-8844 Cross-Site Request Forgery (CSRF) vulnerability in Philips E-Alert Firmware 2.1/R2.1
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-352
8.8
8.8
2018-09-23 CVE-2018-17366 Cross-Site Request Forgery (CSRF) vulnerability in Mcms Project Mcms 4.6.5
An issue was discovered in MCMS 4.6.5.
network
low complexity
mcms-project CWE-352
8.8
8.8