Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-21 | CVE-2018-0363 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5(1) A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-06-20 | CVE-2018-6563 | Cross-Site Request Forgery (CSRF) vulnerability in Totemo Encryption Gateway 6.0.0 Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token. | 8.8 |
| 2018-06-19 | CVE-2018-12583 | Cross-Site Request Forgery (CSRF) vulnerability in Akcms Project Akcms 6.1 An issue was discovered in AKCMS 6.1. | 6.5 |
| 2018-06-19 | CVE-2018-12582 | Cross-Site Request Forgery (CSRF) vulnerability in Akcms Project Akcms 6.1 An issue was discovered in AKCMS 6.1. | 8.8 |
| 2018-06-14 | CVE-2018-12114 | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | 8.8 |
| 2018-06-13 | CVE-2018-12354 | Cross-Site Request Forgery (CSRF) vulnerability in Knowage-Suite Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. | 8.8 |
| 2018-06-13 | CVE-2018-11406 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 8.8 |
| 2018-06-11 | CVE-2017-5394 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. | 8.8 |
| 2018-06-08 | CVE-2014-0594 | Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | 8.8 |
| 2018-06-08 | CVE-2018-8925 | Cross-Site Request Forgery (CSRF) vulnerability in Synology Photo Station Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | 8.8 |