Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-30 | CVE-2018-20603 | Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms LEI Feng TV CMS 3.8.6 Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | 6.8 |
| 2018-12-30 | CVE-2018-20598 | Cross-Site Request Forgery (CSRF) vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 has ?do=user_addpost CSRF. | 6.8 |
| 2018-12-30 | CVE-2018-20595 | Cross-Site Request Forgery (CSRF) vulnerability in Hsweb 3.0.4 A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | 6.8 |
| 2018-12-28 | CVE-2018-20577 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. | 9.4 |
| 2018-12-28 | CVE-2018-20576 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. | 5.8 |
| 2018-12-28 | CVE-2018-18696 | Cross-Site Request Forgery (CSRF) vulnerability in Microstrategy 10.4/10.4.0026.0049/9.2.1 main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. | 8.8 |
| 2018-12-28 | CVE-2018-15334 | Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip Access Policy Manager A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | 4.3 |
| 2018-12-26 | CVE-2018-19182 | Cross-Site Request Forgery (CSRF) vulnerability in Engelsystem 2.0.0 Engelsystem before commit hash 2e28336 allows CSRF. | 6.8 |
| 2018-12-24 | CVE-2018-20419 | Cross-Site Request Forgery (CSRF) vulnerability in Douco Douphp 1.5 DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | 6.8 |
| 2018-12-20 | CVE-2018-8892 | Cross-Site Request Forgery (CSRF) vulnerability in Blackberry Unified Endpoint Manager A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | 4.3 |