Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-01 | CVE-2017-1000244 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | 8.8 |
| 2017-11-01 | CVE-2017-16244 | Cross-Site Request Forgery (CSRF) vulnerability in Octobercms October 1.0.426 Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. | 8.8 |
| 2017-10-24 | CVE-2015-5170 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | 8.8 |
| 2017-10-23 | CVE-2015-2878 | Cross-Site Request Forgery (CSRF) vulnerability in Watchguard Hawkeye G 3.0.1.4912 Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | 8.8 |
| 2017-10-23 | CVE-2012-4568 | Cross-Site Request Forgery (CSRF) vulnerability in Letodms Project Letodms Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
| 2017-10-23 | CVE-2017-15808 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | 8.8 |
| 2017-10-22 | CVE-2017-15735 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | 8.8 |
| 2017-10-22 | CVE-2017-15734 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | 8.8 |
| 2017-10-22 | CVE-2017-15733 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. | 8.8 |
| 2017-10-22 | CVE-2017-15732 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. | 8.8 |