Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-01-24 CVE-2018-5969 Cross-Site Request Forgery (CSRF) vulnerability in Photography CMS Project Photography CMS 1.0
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
network
low complexity
photography-cms-project CWE-352
8.8
8.8
2018-01-23 CVE-2018-1000014 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Translation Assistance
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
network
low complexity
jenkins CWE-352
8.8
8.8
2018-01-23 CVE-2018-1000013 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
network
low complexity
jenkins CWE-352
8.8
8.8
2018-01-22 CVE-2018-6009 Cross-Site Request Forgery (CSRF) vulnerability in Yiiframework
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
network
low complexity
yiiframework CWE-352
8.8
8.8
2018-01-18 CVE-2017-18033 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
network
low complexity
atlassian CWE-352
6.5
6.5
2018-01-18 CVE-2018-0107 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Service Catalog
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2018-01-15 CVE-2018-5329 Cross-Site Request Forgery (CSRF) vulnerability in Beims Contractorweb.Net 5.18.0.0
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages.
network
low complexity
beims CWE-352
8.8
8.8
2018-01-13 CVE-2018-5673 Cross-Site Request Forgery (CSRF) vulnerability in Booking Calendar Project Booking Calendar 2.1.7
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress.
network
low complexity
booking-calendar-project CWE-352
8.8
8.8
2018-01-13 CVE-2018-5669 Cross-Site Request Forgery (CSRF) vulnerability in Read and Understood Project Read and Understood 2.1
An issue was discovered in the read-and-understood plugin 2.1 for WordPress.
network
low complexity
read-and-understood-project CWE-352
8.8
8.8
2018-01-13 CVE-2018-5658 Cross-Site Request Forgery (CSRF) vulnerability in Responsive Coming Soon Page Project Responsive Coming Soon Page 1.1.18
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. 		8.8
8.8