Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-04-21 CVE-2017-7990 Cross-Site Request Forgery (CSRF) vulnerability in Openmrs Module Reporting 1.12.0
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
network
low complexity
openmrs CWE-352
8.8
2017-04-20 CVE-2016-5401 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite and Jboss Enterprise Brms Platform
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
network
low complexity
redhat CWE-352
8.8
2017-04-20 CVE-2016-3734 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read.
network
low complexity
moodle CWE-352
8.8
2017-04-20 CVE-2016-1161 Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Password Manager PRO 8.5
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).
network
low complexity
zohocorp CWE-352
8.0
2017-04-20 CVE-2017-5156 Cross-Site Request Forgery (CSRF) vulnerability in Aveva Wonderware Intouch Access Anywhere 11.5.2
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior.
network
low complexity
aveva CWE-352
8.8
2017-04-15 CVE-2017-7881 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header.
network
low complexity
bigtreecms CWE-352
8.8
2017-04-14 CVE-2017-7877 Cross-Site Request Forgery (CSRF) vulnerability in Flatcore Flatcore-Cms 1.4.6
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.
network
low complexity
flatcore CWE-352
8.8
2017-04-12 CVE-2016-4891 Cross-Site Request Forgery (CSRF) vulnerability in Setucocms Project Setucocms
Cross-site request forgery (CSRF) vulnerability in all versions of SetucoCMS allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors.
network
low complexity
setucocms-project CWE-352
8.8
2017-04-12 CVE-2015-7563 Cross-Site Request Forgery (CSRF) vulnerability in Teampass
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
network
low complexity
teampass CWE-352
8.8
2017-04-12 CVE-2016-8718 Cross-Site Request Forgery (CSRF) vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1.
network
low complexity
moxa CWE-352
8.8