Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-30 | CVE-2019-11617 | Cross-Site Request Forgery (CSRF) vulnerability in Doorgets CMS 7.0: doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. | 6.8 |
2019-04-30 | CVE-2019-11193 | Cross-Site Request Forgery (CSRF) vulnerability in Infinitumit Directadmin 1.561: The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel. | 6.8 |
2019-04-30 | CVE-2018-15206 | Cross-Site Request Forgery (CSRF) vulnerability in Bpcbt Smartvista 2: BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | 6.8 |
2019-04-30 | CVE-2018-14930 | Cross-Site Request Forgery (CSRF) vulnerability in Polarisft Intellect Core Banking 9.7.1: An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. | 6.8 |
2019-04-30 | CVE-2019-10315 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Authentication: Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | 8.8 |
2019-04-30 | CVE-2019-10310 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ansible Tower: A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-04-30 | CVE-2019-10307 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Static Analysis Utilities: A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users. | 6.5 |
2019-04-29 | CVE-2018-5123 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla: A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4. | 6.8 |
2019-04-26 | CVE-2015-9284 | Cross-Site Request Forgery (CSRF) vulnerability in Omniauth: The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. | 8.8 |
2019-04-22 | CVE-2019-11456 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.10.1: Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. | 6.8 |