Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-13 | CVE-2018-17023 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Gt-Ac5300 Firmware: Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | 8.8 |
2018-09-12 | CVE-2018-16951 | Cross-Site Request Forgery (CSRF) vulnerability in Xunfeng Project Xunfeng 0.2.0: xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. | 8.0 |
2018-09-11 | CVE-2018-16832 | Cross-Site Request Forgery (CSRF) vulnerability in Xunfeng Project Xunfeng 0.2.0: CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. | 6.5 |
2018-09-10 | CVE-2016-7067 | Cross-Site Request Forgery (CSRF) vulnerability in Mmonit Monit: Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. | 6.5 |
2018-09-08 | CVE-2018-16732 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1: \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | 8.8 |
2018-09-07 | CVE-2018-0647 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Wl-330Nul Firmware 3.0.0.41: Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2018-09-07 | CVE-2018-16650 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq: phpMyFAQ before 2.9.11 allows CSRF. | 8.8 |
2018-09-06 | CVE-2018-1000669 | Cross-Site Request Forgery (CSRF) vulnerability in Koha: KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can result in attackers marking payments as paid for certain users on behalf of administrators. | 8.8 |
2018-09-05 | CVE-2018-16552 | Cross-Site Request Forgery (CSRF) vulnerability in Micropyramid Django CRM 0.2: MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. | 8.8 |
2018-09-05 | CVE-2018-15682 | Cross-Site Request Forgery (CSRF) vulnerability in Btiteam Xbtit 2.5.4: An issue was discovered in BTITeam XBTIT. | 8.8 |