Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-25 | CVE-2015-3191 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. | 8.8 |
| 2017-05-22 | CVE-2017-5657 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Archiva Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. | 8.0 |
| 2017-05-22 | CVE-2016-4904 | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Olivecart Olivecart and Olivecartpro Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors. | 8.8 |
| 2017-05-22 | CVE-2016-4854 | Cross-Site Request Forgery (CSRF) vulnerability in Nttdocomo L-04D Firmware V10A/V10B Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. | 8.8 |
| 2017-05-22 | CVE-2017-6634 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Industrial Ethernet 1000 Series Firmware 1.3Base A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. | 8.8 |
| 2017-05-21 | CVE-2017-7620 | Cross-Site Request Forgery (CSRF) vulnerability in Mantisbt MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. | 6.5 |
| 2017-05-18 | CVE-2017-9064 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | 8.8 |
| 2017-05-17 | CVE-2016-3403 | Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899. | 8.8 |
| 2017-05-16 | CVE-2017-7662 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. | 8.8 |
| 2017-05-16 | CVE-2017-7661 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |