Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-28 | CVE-2017-2097 | Cross-Site Request Forgery (CSRF) vulnerability in Support-Project Knowledge Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2017-04-24 | CVE-2017-8101 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity 2.0.5 There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | 8.8 |
2017-04-24 | CVE-2017-8100 | Cross-Site Request Forgery (CSRF) vulnerability in Artistscope Copysafe web Protection There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | 6.5 |
2017-04-24 | CVE-2017-8099 | Cross-Site Request Forgery (CSRF) vulnerability in Browserweb INC Whizz There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | 8.1 |
2017-04-24 | CVE-2017-8098 | Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.4 e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. | 6.5 |
2017-04-24 | CVE-2016-3691 | Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. | 8.8 |
2017-04-24 | CVE-2017-7852 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink products D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. | 8.8 |
2017-04-24 | CVE-2017-8082 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. | 6.5 |
2017-04-21 | CVE-2016-0720 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 8.8 |
2017-04-21 | CVE-2017-7951 | Cross-Site Request Forgery (CSRF) vulnerability in Wondercms WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | 8.8 |