Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-09 | CVE-2018-1000053 | Cross-Site Request Forgery (CSRF) vulnerability in Limesurvey 3.0.0 LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. | 8.8 |
2018-02-07 | CVE-2017-17552 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Admanager Plus /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. | 8.8 |
2018-02-06 | CVE-2014-5280 | Cross-Site Request Forgery (CSRF) vulnerability in Boot2Docker boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. | 8.8 |
2018-02-06 | CVE-2018-6288 | Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Secure Mail Gateway 1.1 Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | 8.8 |
2018-02-06 | CVE-2018-6656 | Cross-Site Request Forgery (CSRF) vulnerability in Zblogcn Z-Blogphp 1.5.1 Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | 6.5 |
2018-02-06 | CVE-2018-6467 | Cross-Site Request Forgery (CSRF) vulnerability in Flickrrss Project Flickrrss 5.3.1 The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. | 8.8 |
2018-02-05 | CVE-2018-6651 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. | 8.8 |
2018-02-05 | CVE-2017-9414 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. | 8.8 |
2018-02-05 | CVE-2015-4179 | Cross-Site Request Forgery (CSRF) vulnerability in Codestyling Localization Project Codestyling Localization Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress. | 8.8 |
2018-02-02 | CVE-2017-18080 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |