Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-04-21 | CVE-2016-0720 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | network | low complexity | clusterlabs, redhat, fedoraproject | CWE-352 | 8.8 |
| 2017-04-21 | CVE-2017-7951 | Cross-Site Request Forgery (CSRF) vulnerability in Wondercms | WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | network | low complexity | wondercms | CWE-352 | 8.8 |
| 2017-04-21 | CVE-2017-7990 | Cross-Site Request Forgery (CSRF) vulnerability in Openmrs Module Reporting 1.12.0 | The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. | network | low complexity | openmrs | CWE-352 | 8.8 |
| 2017-04-20 | CVE-2016-5401 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite and Jboss Enterprise Brms Platform | Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. | network | low complexity | redhat | CWE-352 | 8.8 |
| 2017-04-20 | CVE-2016-3734 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle | Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read. | network | low complexity | moodle | CWE-352 | 8.8 |
| 2017-04-20 | CVE-2016-1161 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Password Manager PRO 8.5 | Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | network | low complexity | zohocorp | CWE-352 | 8.0 |
| 2017-04-20 | CVE-2017-5156 | Cross-Site Request Forgery (CSRF) vulnerability in Aveva Wonderware Intouch Access Anywhere 11.5.2 | A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. | network | low complexity | aveva | CWE-352 | 8.8 |
| 2017-04-15 | CVE-2017-7881 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. | network | low complexity | bigtreecms | CWE-352 | 8.8 |
| 2017-04-14 | CVE-2017-7877 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore Flatcore-Cms 1.4.6 | CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | network | low complexity | flatcore | CWE-352 | 8.8 |
| 2017-04-12 | CVE-2016-4891 | Cross-Site Request Forgery (CSRF) vulnerability in Setucocms Project Setucocms | Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | network | low complexity | setucocms-project | CWE-352 | 8.8 |