Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-01-23 CVE-2018-1000013 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
network
low complexity
jenkins CWE-352
8.8
2018-01-22 CVE-2018-6009 Cross-Site Request Forgery (CSRF) vulnerability in Yiiframework
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
network
low complexity
yiiframework CWE-352
8.8
2018-01-18 CVE-2017-18033 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
network
low complexity
atlassian CWE-352
6.5
2018-01-18 CVE-2018-0107 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Service Catalog
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2018-01-15 CVE-2018-5329 Cross-Site Request Forgery (CSRF) vulnerability in Beims Contractorweb.Net 5.18.0.0
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages.
network
low complexity
beims CWE-352
8.8
2018-01-13 CVE-2018-5673 Cross-Site Request Forgery (CSRF) vulnerability in Booking Calendar Project Booking Calendar 2.1.7
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress.
network
low complexity
booking-calendar-project CWE-352
8.8
2018-01-13 CVE-2018-5669 Cross-Site Request Forgery (CSRF) vulnerability in Read and Understood Project Read and Understood 2.1
An issue was discovered in the read-and-understood plugin 2.1 for WordPress.
network
low complexity
read-and-understood-project CWE-352
8.8
2018-01-13 CVE-2018-5658 Cross-Site Request Forgery (CSRF) vulnerability in Responsive Coming Soon Page Project Responsive Coming Soon Page 1.1.18
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress.
8.8
2018-01-13 CVE-2018-5656 Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Pinterest-Feeds 1.1.1
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress.
network
low complexity
weblizar CWE-352
8.8
2018-01-12 CVE-2017-16886 Cross-Site Request Forgery (CSRF) vulnerability in Fiberhome Lm53Q1 Firmware Vh519R05C01S38
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal.
network
low complexity
fiberhome CWE-352
8.8