Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-26 | CVE-2016-9218 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hybrid Meeting Server 1.0Base A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. | 8.8 |
| 2017-01-23 | CVE-2016-6521 | Cross-Site Request Forgery (CSRF) vulnerability in Gopivotal Grails 1.5.9/2.0.6 Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. | 8.8 |
| 2017-01-18 | CVE-2016-3406 | Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456. | 8.8 |
| 2017-01-18 | CVE-2016-6897 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. | 6.5 |
| 2017-01-18 | CVE-2016-7980 | Cross-Site Request Forgery (CSRF) vulnerability in Spip Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. | 8.8 |
| 2017-01-16 | CVE-2016-7904 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. | 8.0 |
| 2017-01-15 | CVE-2017-5492 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. | 8.8 |
| 2017-01-15 | CVE-2017-5489 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | 8.8 |
| 2017-01-14 | CVE-2016-8201 | Cross-Site Request Forgery (CSRF) vulnerability in Brocade Virtual Traffic Manager 11.0 A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | 8.0 |
| 2017-01-14 | CVE-2017-5476 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 8.8 |