Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-10-03 CVE-2018-5921 Cross-Site Request Forgery (CSRF) vulnerability in HP products
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions.
network
low complexity
hp CWE-352
8.8
8.8
2018-10-01 CVE-2018-17869 Cross-Site Request Forgery (CSRF) vulnerability in Dasan H660Gw Firmware
DASAN H660GW devices do not implement any CSRF protection mechanism.
network
low complexity
dasan CWE-352
8.8
8.8
2018-10-01 CVE-2018-15702 Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wrn841N Firmware 0.9.14.16V0348.0
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.
network
low complexity
tp-link CWE-352
8.8
8.8
2018-10-01 CVE-2018-17826 Cross-Site Request Forgery (CSRF) vulnerability in Hisiphp 1.0.8
HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account.
network
low complexity
hisiphp CWE-352
8.8
8.8
2018-09-26 CVE-2018-17081 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.9
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
network
low complexity
e107 CWE-352
4.3
4.3
2018-09-26 CVE-2017-15608 Cross-Site Request Forgery (CSRF) vulnerability in Inedo Proget
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
network
low complexity
inedo CWE-352
6.5
6.5
2018-09-26 CVE-2018-8844 Cross-Site Request Forgery (CSRF) vulnerability in Philips E-Alert Firmware 2.1/R2.1
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-352
8.8
8.8
2018-09-23 CVE-2018-17366 Cross-Site Request Forgery (CSRF) vulnerability in Mcms Project Mcms 4.6.5
An issue was discovered in MCMS 4.6.5.
network
low complexity
mcms-project CWE-352
8.8
8.8
2018-09-21 CVE-2018-15612 Cross-Site Request Forgery (CSRF) vulnerability in Avaya Orchestration Designer 7.1
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings.
network
low complexity
avaya CWE-352
8.8
8.8
2018-09-20 CVE-2018-6504 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Arcsight Management Center
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81.
network
low complexity
microfocus CWE-352
8.8
8.8