Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-01-04 CVE-2017-1672 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2018-01-03 CVE-2018-5073 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script
Online Ticket Booking has CSRF via admin/movieedit.php.
6.8
2018-01-03 CVE-2017-1000479 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set.
network
low complexity
opnsense-project netgate CWE-352
8.8
2018-01-03 CVE-2017-1000499 Cross-Site Request Forgery (CSRF) vulnerability in phpMyAdmin
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness.
network
low complexity
phpmyadmin CWE-352
8.8
2018-01-02 CVE-2017-1000432 Cross-Site Request Forgery (CSRF) vulnerability in Vanillaforums Vanilla Forums
Vanilla Forums below 2.1.5 are affected by CSRF leading to deleting topics and comments from forums Admin access.
network
low complexity
vanillaforums CWE-352
8.0
2017-12-30 CVE-2017-17990 Cross-Site Request Forgery (CSRF) vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
network
low complexity
iwcnetwork CWE-352
8.8
2017-12-30 CVE-2017-17982 Cross-Site Request Forgery (CSRF) vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
6.8
2017-12-29 CVE-2014-0120 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
network
low complexity
hawt redhat CWE-352
8.8
2017-12-28 CVE-2017-17960 Cross-Site Request Forgery (CSRF) vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
8.8
2017-12-28 CVE-2017-17939 Cross-Site Request Forgery (CSRF) vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.
8.8