Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-08-08 CVE-2018-15203 Cross-Site Request Forgery (CSRF) vulnerability in Ignitedcms 1.0.0/1.0.1/20170219
An issue was discovered in Ignited CMS through 2017-02-19.
network
low complexity
ignitedcms CWE-352
6.5
6.5
2018-08-08 CVE-2018-15202 Cross-Site Request Forgery (CSRF) vulnerability in Juunan06 Ecommerce 20180805
An issue was discovered in Juunan06 eCommerce through 2018-08-05.
network
low complexity
juunan06 CWE-352
6.3
6.3
2018-08-08 CVE-2018-15198 Cross-Site Request Forgery (CSRF) vulnerability in Onethink 1.1
An issue was discovered in OneThink v1.1.
network
low complexity
onethink CWE-352
8.8
8.8
2018-08-08 CVE-2018-15197 Cross-Site Request Forgery (CSRF) vulnerability in Onethink 1.1
An issue was discovered in OneThink v1.1.
network
low complexity
onethink CWE-352
8.8
8.8
2018-08-08 CVE-2018-15193 Cross-Site Request Forgery (CSRF) vulnerability in Gogs 0.11.53
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
network
low complexity
gogs CWE-352
8.8
8.8
2018-08-08 CVE-2018-15177 Cross-Site Request Forgery (CSRF) vulnerability in Gxlcms 2.0
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
network
low complexity
gxlcms CWE-352
8.8
8.8
2018-08-08 CVE-2013-7464 Cross-Site Request Forgery (CSRF) vulnerability in Csrf-Magic Project Csrf-Magic
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
network
low complexity
csrf-magic-project CWE-352
8.8
8.8
2018-08-06 CVE-2018-7060 Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users.
network
low complexity
arubanetworks CWE-352
8.8
8.8
2018-08-06 CVE-2018-14978 Cross-Site Request Forgery (CSRF) vulnerability in Q-Cms Qcms 3.0.1
An issue was discovered in QCMS 3.0.1.
network
low complexity
q-cms CWE-352
8.8
8.8
2018-08-06 CVE-2018-14966 Cross-Site Request Forgery (CSRF) vulnerability in Emlsoft Project Emlsoft 5.4.5
An issue was discovered in EMLsoft 5.4.5.
network
low complexity
emlsoft-project CWE-352
8.8
8.8