Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-29 | CVE-2018-18734 | Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish CMS 4.8.30 A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | 8.8 |
| 2018-10-29 | CVE-2018-18712 | Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0 An issue was discovered in WUZHI CMS 4.1.0. | 8.8 |
| 2018-10-29 | CVE-2018-18711 | Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0 An issue was discovered in WUZHI CMS 4.1.0. | 8.8 |
| 2018-10-19 | CVE-2018-18420 | Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | 8.8 |
| 2018-10-18 | CVE-2015-4630 | Cross-Site Request Forgery (CSRF) vulnerability in Koha Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl. | 8.0 |
| 2018-10-18 | CVE-2018-12370 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In Reader View SameSite cookie protections are not checked on exiting. | 8.8 |
| 2018-10-18 | CVE-2018-12364 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. | 8.8 |
| 2018-10-17 | CVE-2018-15438 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 12.1 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 6.5 |
| 2018-10-17 | CVE-2018-15402 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Enterprise Network Virtualization Software Nfvis8.0/Nfvis9.0 A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. | 8.8 |
| 2018-10-17 | CVE-2018-18436 | Cross-Site Request Forgery (CSRF) vulnerability in Jtbc PHP 3.0.0.0 JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. | 8.8 |