Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-06-16 CVE-2016-1000218 Cross-Site Request Forgery (CSRF) vulnerability in Elastic Kibana Reporting 2.4.0
Kibana Reporting plugin version 2.4.0 contains a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially crafted page.
network
low complexity
elastic CWE-352
8.8
2017-06-15 CVE-2017-9673 Cross-Site Request Forgery (CSRF) vulnerability in SimpleCE 2.3.0
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.
network
low complexity
simplece CWE-352
8.8
2017-06-15 CVE-2017-5244 Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests.
network
low complexity
rapid7 CWE-352
3.5
2017-06-13 CVE-2017-6659 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 11.5(0)/11.6
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2017-06-09 CVE-2016-7822 Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech WNC01WH Firmware 1.0.0.8
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged-in user to perform unintended operations via unspecified vectors.
network
low complexity
buffalotech CWE-352
8.8
2017-06-09 CVE-2016-7809 Cross-Site Request Forgery (CSRF) vulnerability in Corega CG-WLR300NX Firmware 1.20
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver.
network
low complexity
corega CWE-352
8.8
2017-06-09 CVE-2016-4909 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged-in user to force a logout via unspecified vectors.
network
low complexity
cybozu CWE-352
4.3
2017-06-09 CVE-2016-4907 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to obtain CSRF tokens via unspecified vectors.
network
low complexity
cybozu CWE-352
8.8
2017-06-08 CVE-2016-9991 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.0
2017-06-08 CVE-2015-1786 Cross-Site Request Forgery (CSRF) vulnerability in Zend Framework
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
network
low complexity
zend CWE-352
8.8