Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2016-0335 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
network
low complexity
ibm CWE-352
8.8
8.8
2018-01-12 CVE-2017-16862 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
4.3
4.3
2018-01-12 CVE-2018-5368 Cross-Site Request Forgery (CSRF) vulnerability in Srbtranslatin Project Srbtranslatin 1.46
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.
network
low complexity
srbtranslatin-project CWE-352
8.8
8.8
2018-01-12 CVE-2018-5361 Cross-Site Request Forgery (CSRF) vulnerability in Wpglobus 1.9.6
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
network
low complexity
wpglobus CWE-352
8.8
8.8
2018-01-11 CVE-2012-0699 Cross-Site Request Forgery (CSRF) vulnerability in Haudenschilt Family Connections CMS
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
network
low complexity
haudenschilt CWE-352
8.8
8.8
2018-01-10 CVE-2018-0785 Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Asp.Net Core 2.0
ASP.NET Core 1.0.
network
low complexity
microsoft CWE-352
6.5
6.5
2018-01-08 CVE-2018-5301 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
network
low complexity
magento CWE-352
6.5
6.5
2018-01-08 CVE-2018-5285 Cross-Site Request Forgery (CSRF) vulnerability in Wpscoop Imageinject 1.15
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.
network
low complexity
wpscoop CWE-352
8.8
8.8
2018-01-04 CVE-2017-1672 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2018-01-03 CVE-2018-5073 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script
Online Ticket Booking has CSRF via admin/movieedit.php. 		6.8
6.8