Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-1000224 | Cross-Site Request Forgery (CSRF) vulnerability in Embedplus Youtube CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin | 6.5 |
| 2017-11-16 | CVE-2017-15516 | Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snapcenter Server 1.1/2.0 NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | 8.8 |
| 2017-11-15 | CVE-2017-7851 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-936L D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | 8.8 |
| 2017-11-15 | CVE-2017-11876 | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Project Server and Sharepoint Enterprise Server Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". | 8.8 |
| 2017-11-10 | CVE-2017-16780 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | 9.8 |
| 2017-11-06 | CVE-2017-16570 | Cross-Site Request Forgery (CSRF) vulnerability in Keystonejs Keystone KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. | 8.8 |
| 2017-11-06 | CVE-2017-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | 8.8 |
| 2017-11-06 | CVE-2017-16563 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | 8.0 |
| 2017-11-03 | CVE-2017-1000147 | Cross-Site Request Forgery (CSRF) vulnerability in Mahara Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. | 6.8 |
| 2017-11-01 | CVE-2017-1300 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |