Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-11617 Cross-Site Request Forgery (CSRF) vulnerability in Doorgets CMS 7.0
doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php.
network
doorgets CWE-352
6.8
2019-04-30 CVE-2019-11193 Cross-Site Request Forgery (CSRF) vulnerability in Infinitumit Directadmin 1.561
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel.
6.8
2019-04-30 CVE-2018-15206 Cross-Site Request Forgery (CSRF) vulnerability in Bpcbt Smartvista 2
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
network
bpcbt CWE-352
6.8
2019-04-30 CVE-2018-14930 Cross-Site Request Forgery (CSRF) vulnerability in Polarisft Intellect Core Banking 9.7.1
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1.
network
polarisft CWE-352
6.8
2019-04-30 CVE-2019-10315 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Authentication
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
network
low complexity
jenkins CWE-352
8.8
2019-04-30 CVE-2019-10310 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ansible Tower
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
2019-04-30 CVE-2019-10307 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Static Analysis Utilities
A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.
network
low complexity
jenkins CWE-352
6.5
2019-04-29 CVE-2018-5123 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
network
mozilla CWE-352
6.8
2019-04-26 CVE-2015-9284 Cross-Site Request Forgery (CSRF) vulnerability in Omniauth
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user.
network
low complexity
omniauth CWE-352
8.8
2019-04-22 CVE-2019-11456 Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.10.1
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
network
gilacms CWE-352
6.8