Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-20 | CVE-2018-19335 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404/20180504 Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-20 | CVE-2018-19334 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404 Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-20 | CVE-2018-10099 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-17 | CVE-2018-19332 | Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 1.5 An issue was discovered in S-CMS v1.5. | 8.8 |
| 2018-11-17 | CVE-2018-19327 | Cross-Site Request Forgery (CSRF) vulnerability in Jtbc PHP 3.0.1.7 An issue was discovered in JTBC(PHP) 3.0.1.7. | 8.8 |
| 2018-11-16 | CVE-2018-19319 | Cross-Site Request Forgery (CSRF) vulnerability in Srcms Project Srcms 3.0.0 SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | 6.5 |
| 2018-11-16 | CVE-2018-19318 | Cross-Site Request Forgery (CSRF) vulnerability in Srcms Project Srcms 3.0.0 SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | 8.8 |
| 2018-11-16 | CVE-2018-18799 | Cross-Site Request Forgery (CSRF) vulnerability in School Attendance Monitoring System Project School Attendance Monitoring System 1.0 School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | 8.8 |
| 2018-11-16 | CVE-2018-18797 | Cross-Site Request Forgery (CSRF) vulnerability in School Attendance Monitoring System Project School Attendance Monitoring System 1.0 School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. | 8.8 |
| 2018-11-16 | CVE-2018-18794 | Cross-Site Request Forgery (CSRF) vulnerability in School Event Management System Project School Event Management System 1.0 School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | 8.8 |