Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-03-21 CVE-2018-1230 Cross-Site Request Forgery (CSRF) vulnerability in Pivotal Software Spring Batch Admin
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection.
network
low complexity
pivotal-software CWE-352
8.8
8.8
2018-03-20 CVE-2014-1457 Cross-Site Request Forgery (CSRF) vulnerability in Openwebanalytics Open web Analytics
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
network
low complexity
openwebanalytics CWE-352
8.8
8.8
2018-03-20 CVE-2018-8811 Cross-Site Request Forgery (CSRF) vulnerability in Alkacon Opencms 10.5.3
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation.
network
low complexity
alkacon CWE-352
8.8
8.8
2018-03-19 CVE-2014-2675 Cross-Site Request Forgery (CSRF) vulnerability in Wp-Html-Sitemap Project Wp-Html-Sitemap 1.2
Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php.
network
low complexity
wp-html-sitemap-project CWE-352
6.5
6.5
2018-03-19 CVE-2014-2550 Cross-Site Request Forgery (CSRF) vulnerability in Disable Comments Disable Comments Project
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.
network
low complexity
disable-comments CWE-352
8.8
8.8
2018-03-19 CVE-2014-2274 Cross-Site Request Forgery (CSRF) vulnerability in Subscribe to Comments Reloaded Project Subscribe to Comments Reloaded 140128/140129/140204
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. 		8.8
8.8
2018-03-16 CVE-2014-4613 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
network
low complexity
piwigo CWE-352
6.5
6.5
2018-03-15 CVE-2018-6224 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Email Encryption Gateway 5.5
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.
network
low complexity
trendmicro CWE-352
8.8
8.8
2018-03-15 CVE-2018-8717 Cross-Site Request Forgery (CSRF) vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request.
network
low complexity
joyplus-cms-project CWE-352
8.8
8.8
2018-03-15 CVE-2018-7701 Cross-Site Request Forgery (CSRF) vulnerability in Securenvoy Securmail
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.
network
low complexity
securenvoy CWE-352
6.5
6.5