Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2017-1194 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-04-28 | CVE-2017-2102 | Cross-Site Request Forgery (CSRF) vulnerability in IPA Appgoat 3.0.0 Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2017-04-28 | CVE-2017-2097 | Cross-Site Request Forgery (CSRF) vulnerability in Support-Project Knowledge Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2017-04-24 | CVE-2017-8101 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity 2.0.5 There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | 8.8 |
| 2017-04-24 | CVE-2017-8100 | Cross-Site Request Forgery (CSRF) vulnerability in Artistscope Copysafe web Protection There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | 6.5 |
| 2017-04-24 | CVE-2017-8099 | Cross-Site Request Forgery (CSRF) vulnerability in Browserweb INC Whizz There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | 8.1 |
| 2017-04-24 | CVE-2017-8098 | Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.4 e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. | 6.5 |
| 2017-04-24 | CVE-2016-3691 | Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. | 8.8 |
| 2017-04-24 | CVE-2017-7852 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink products D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. | 8.8 |
| 2017-04-24 | CVE-2017-8082 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. | 6.5 |