Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-26 | CVE-2018-19546 | Cross-Site Request Forgery (CSRF) vulnerability in Jtbc PHP 3.0.1.7 JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. | 6.8 |
| 2018-11-26 | CVE-2018-19545 | Cross-Site Request Forgery (CSRF) vulnerability in Jeecms 9.3 JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. | 6.8 |
| 2018-11-26 | CVE-2018-19544 | Cross-Site Request Forgery (CSRF) vulnerability in Jeecms 9.3 JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. | 4.3 |
| 2018-11-20 | CVE-2018-19376 | Cross-Site Request Forgery (CSRF) vulnerability in Greencms 2.3.0603 An issue was discovered in GreenCMS v2.3.0603. | 5.8 |
| 2018-11-20 | CVE-2018-18773 | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | 8.8 |
| 2018-11-20 | CVE-2018-18772 | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | 8.8 |
| 2018-11-20 | CVE-2018-19335 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404/20180504 Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-20 | CVE-2018-19334 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404 Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-20 | CVE-2018-10099 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-17 | CVE-2018-19332 | Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 1.5 An issue was discovered in S-CMS v1.5. | 6.8 |