Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-08-05 CVE-2018-14958 Cross-Site Request Forgery (CSRF) vulnerability in Weaselcms Project Weaselcms 0.3.5
An issue was discovered in WeaselCMS v0.3.5.
network
low complexity
weaselcms-project CWE-352
8.8
8.8
2018-08-03 CVE-2018-14926 Cross-Site Request Forgery (CSRF) vulnerability in Matera Banco 1.0.0
Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
network
low complexity
matera CWE-352
8.8
8.8
2018-08-03 CVE-2018-14908 Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
network
low complexity
samsung CWE-352
8.8
8.8
2018-08-01 CVE-2018-0413 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2018-08-01 CVE-2018-1999027 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saltstack
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
network
high complexity
jenkins CWE-352
7.5
7.5
2018-07-27 CVE-2018-14603 Cross-Site Request Forgery (CSRF) vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2.
network
low complexity
gitlab CWE-352
8.8
8.8
2018-07-24 CVE-2018-14583 Cross-Site Request Forgery (CSRF) vulnerability in Xyhcms 3.5
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.
network
low complexity
xyhcms CWE-352
8.8
8.8
2018-07-24 CVE-2018-14582 Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
network
low complexity
bagesoft CWE-352
8.8
8.8
2018-07-24 CVE-2017-3187 Cross-Site Request Forgery (CSRF) vulnerability in Dotcms
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery.
network
low complexity
dotcms CWE-352
8.8
8.8
2018-07-20 CVE-2018-14420 Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 6.0.0
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
network
low complexity
metinfo CWE-352
8.8
8.8