Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-22	CVE-2018-7524	Cross-Site Request Forgery (CSRF) vulnerability in Geutebrueck G-Cam/Efd-2250 Firmware and Topfd-2125 Firmware A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. network low complexity geutebrueck CWE-352	8.8
2018-03-22	CVE-2017-0933	Cross-Site Request Forgery (CSRF) vulnerability in Ubnt Edgeos Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. network low complexity ubnt CWE-352	8.0
2018-03-21	CVE-2018-1230	Cross-Site Request Forgery (CSRF) vulnerability in Pivotal Software Spring Batch Admin Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. network low complexity pivotal-software CWE-352	8.8
2018-03-20	CVE-2014-1457	Cross-Site Request Forgery (CSRF) vulnerability in Openwebanalytics Open web Analytics Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. network low complexity openwebanalytics CWE-352	8.8
2018-03-20	CVE-2018-8811	Cross-Site Request Forgery (CSRF) vulnerability in Alkacon Opencms 10.5.3 Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. network low complexity alkacon CWE-352	8.8
2018-03-19	CVE-2014-2675	Cross-Site Request Forgery (CSRF) vulnerability in Wp-Html-Sitemap Project Wp-Html-Sitemap 1.2 Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php. network low complexity wp-html-sitemap-project CWE-352	6.5
2018-03-19	CVE-2014-2550	Cross-Site Request Forgery (CSRF) vulnerability in Disable Comments Disable Comments Project Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. network low complexity disable-comments CWE-352	8.8
2018-03-19	CVE-2014-2274	Cross-Site Request Forgery (CSRF) vulnerability in Subscribe to Comments Reloaded Project Subscribe to Comments Reloaded 140128/140129/140204 Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. network low complexity subscribe-to-comments-reloaded-project CWE-352	8.8
2018-03-16	CVE-2014-4613	Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. network low complexity piwigo CWE-352	6.5
2018-03-15	CVE-2018-6224	Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Email Encryption Gateway 5.5 A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. network low complexity trendmicro CWE-352	8.8