Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-10-22 CVE-2017-15731 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15730 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15729 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-19 CVE-2017-15645 Cross-Site Request Forgery (CSRF) vulnerability in Webmin
CSRF exists in Webmin 1.850.
network
low complexity
webmin CWE-352
8.8
8.8
2017-10-19 CVE-2017-12271 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Spa300 Firmware and Spa500 Firmware
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2017-10-18 CVE-2017-14956 Cross-Site Request Forgery (CSRF) vulnerability in Alienvault Unified Security Management
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script.
network
low complexity
alienvault CWE-352
5.7
5.7
2017-10-18 CVE-2015-7715 Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Property Listing 8.9/8.9.2
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.
network
low complexity
realtyna CWE-352
8.8
8.8
2017-10-18 CVE-2014-3709 Cross-Site Request Forgery (CSRF) vulnerability in Keycloak
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
network
low complexity
keycloak CWE-352
8.8
8.8
2017-10-17 CVE-2017-14011 Cross-Site Request Forgery (CSRF) vulnerability in Prominent Multiflex M10A Controller Firmware
A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface.
network
low complexity
prominent CWE-352
8.8
8.8
2017-10-16 CVE-2017-15296 Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management
The Java component in SAP CRM has CSRF.
network
low complexity
sap CWE-352
8.8
8.8