Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-08-21 CVE-2017-5187 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
Risk: 8.8 (network, low complexity) | Vendor: microfocus | CWE-352
2017-08-18 CVE-2017-12881 Cross-Site Request Forgery (CSRF) vulnerability in Spring Batch Admin Project Spring Batch Admin 1.0.0/1.2.0
Cross-site request forgery (CSRF) vulnerability in Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
Risk: 8.8 (network, low complexity) | Vendor: spring-batch-admin-project | CWE-352
2017-08-18 CVE-2015-5081 Cross-Site Request Forgery (CSRF) vulnerability in Django-Cms Django CMS 3.0.13/3.1
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14 and 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
Risk: 8.8 (network, low complexity) | Vendor: django-cms | CWE-352
2017-08-18 CVE-2017-12593 Cross-Site Request Forgery (CSRF) vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
Risk: 8.8 (network, low complexity) | Vendor: asus | CWE-352
2017-08-18 CVE-2017-12589 Cross-Site Request Forgery (CSRF) vulnerability in Tomaxcom R60G Firmware and R60Gv2 Firmware
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
Risk: 8.8 (network, low complexity) | Vendor: tomaxcom | CWE-352
2017-08-17 CVE-2017-7556 Cross-Site Request Forgery (CSRF) vulnerability in Hawt Hawtio 1.5.3
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF, allowing remote attackers to trick a user into visiting their website containing a malicious script that can be submitted to the hawtio server on behalf of the user.
Risk: 8.8 (network, low complexity) | Vendor: hawt | CWE-352
2017-08-14 CVE-2017-12853 Cross-Site Request Forgery (CSRF) vulnerability in Rtsindia Rwr-3G-100 Firmware 1.0.56
The RealTime RWR-3G-100 Router Firmware Version Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
Risk: 8.8 (network, low complexity) | Vendor: rtsindia | CWE-352
2017-08-11 CVE-2017-6328 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Message Gateway
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross-site request forgery (also known as a one-click attack and abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.
Risk: 8.8 (network, low complexity) | Vendor: symantec | CWE-352
2017-08-07 CVE-2017-12651 Cross-Site Request Forgery (CSRF) vulnerability in Loginizer
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
Risk: 8.8 (network, low complexity) | Vendor: loginizer | CWE-352
2017-08-07 CVE-2017-6756 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Provisioning 12.2
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions.
Risk: 8.8 (network, low complexity) | Vendor: cisco | CWE-352