Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2017-2097 Cross-Site Request Forgery (CSRF) vulnerability in Support-Project Knowledge
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
support-project CWE-352
8.8
2017-04-24 CVE-2017-8101 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity 2.0.5
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
network
low complexity
s9y CWE-352
8.8
2017-04-24 CVE-2017-8100 Cross-Site Request Forgery (CSRF) vulnerability in Artistscope Copysafe web Protection
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
network
low complexity
artistscope CWE-352
6.5
2017-04-24 CVE-2017-8099 Cross-Site Request Forgery (CSRF) vulnerability in Browserweb INC Whizz
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.
network
low complexity
browserweb-inc CWE-352
8.1
2017-04-24 CVE-2017-8098 Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.4
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing.
network
low complexity
e107 CWE-352
6.5
2017-04-24 CVE-2016-3691 Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
network
low complexity
kallithea-scm CWE-352
8.8
2017-04-24 CVE-2017-7852 Cross-Site Request Forgery (CSRF) vulnerability in Dlink products
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack.
network
low complexity
dlink CWE-352
8.8
2017-04-24 CVE-2017-8082 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI.
network
low complexity
concretecms CWE-352
6.5
2017-04-21 CVE-2016-0720 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
network
low complexity
clusterlabs redhat fedoraproject CWE-352
8.8
2017-04-21 CVE-2017-7951 Cross-Site Request Forgery (CSRF) vulnerability in Wondercms
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
network
low complexity
wondercms CWE-352
8.8