Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-29 | CVE-2015-2009 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager: Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. | 8.8 |
2018-03-28 | CVE-2018-9108 | Cross-Site Request Forgery (CSRF) vulnerability in Quickappscms Quickapps CMS 2.0.0: CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. | 8.8 |
2018-03-27 | CVE-2018-9092 | Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.10: There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. | 8.8 |
2018-03-27 | CVE-2018-7700 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7: DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | 8.8 |
2018-03-27 | CVE-2018-8764 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | 8.8 |
2018-03-27 | CVE-2018-8718 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer: Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | 8.0 |
2018-03-26 | CVE-2018-1213 | Cross-Site Request Forgery (CSRF) vulnerability in Dell EMC Isilon Onefs: Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. | 8.8 |
2018-03-25 | CVE-2018-8817 | Cross-Site Request Forgery (CSRF) vulnerability in Wampserver: Wampserver before 3.1.3 has CSRF in add_vhost.php. | 8.8 |
2018-03-24 | CVE-2018-8972 | Cross-Site Request Forgery (CSRF) vulnerability in Creditwestbank Cwcms: Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. | 8.8 |
2018-03-23 | CVE-2018-1000137 | Cross-Site Request Forgery (CSRF) vulnerability in I-Librarian I Librarian: I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. | 8.8 |