Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-29	CVE-2018-18735	Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish Blog 2.0.33 A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. network catfish-cms CWE-352	6.8
2018-10-29	CVE-2018-18734	Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish CMS 4.8.30 A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. network catfish-cms CWE-352	6.8
2018-10-29	CVE-2018-18712	Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0 An issue was discovered in WUZHI CMS 4.1.0. network wuzhicms CWE-352	6.8
2018-10-29	CVE-2018-18711	Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0 An issue was discovered in WUZHI CMS 4.1.0. network wuzhicms CWE-352	6.8
2018-10-24	CVE-2018-9281	Cross-Site Request Forgery (CSRF) vulnerability in Eaton 9PX UPS Firmware An issue was discovered on Eaton UPS 9PX 8000 SP devices. network eaton CWE-352	6.8
2018-10-19	CVE-2018-18420	Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. network tribalsystems CWE-352	6.8
2018-10-18	CVE-2015-4630	Cross-Site Request Forgery (CSRF) vulnerability in Koha Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl. network koha CWE-352	6.0
2018-10-18	CVE-2018-12370	Cross-Site Request Forgery (CSRF) vulnerability in multiple products In Reader View SameSite cookie protections are not checked on exiting. network canonical mozilla CWE-352	6.8
2018-10-18	CVE-2018-12364	Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. network redhat debian canonical mozilla CWE-352	6.8
2018-10-17	CVE-2018-15438	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 12.1 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. network cisco CWE-352	4.3