Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE | CVE | VULNERABILITY TITLE | RISK

2018-08-03 | CVE-2018-14926 | Cross-Site Request Forgery (CSRF) vulnerability in Matera Banco 1.0.0 | 6.8
Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
network, matera, CWE-352

2018-08-03 | CVE-2018-14910 | Cross-Site Request Forgery (CSRF) vulnerability in SeaCMS 6.61 | 6.8
SeaCMS v6.61 allows remote code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php).
network, seacms, CWE-352

2018-08-03 | CVE-2018-14908 | Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru Web Service 4.05.61 | 6.8
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
network, samsung, CWE-352

2018-08-01 | CVE-2018-0413 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software | 6.8
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network, cisco, CWE-352

2018-08-01 | CVE-2018-1999027 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SaltStack | 6.8
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
network, jenkins, CWE-352

2018-07-27 | CVE-2018-14603 | Cross-Site Request Forgery (CSRF) vulnerability in GitLab | 6.8
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2.
network, gitlab, CWE-352

2018-07-24 | CVE-2018-14583 | Cross-Site Request Forgery (CSRF) vulnerability in XYHCMS 3.5 | 6.8
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.
network, xyhcms, CWE-352

2018-07-24 | CVE-2018-14582 | Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft BageCMS 3.1.3 | 6.8
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
network, bagesoft, CWE-352

2018-07-24 | CVE-2017-3187 | Cross-Site Request Forgery (CSRF) vulnerability in dotCMS | 6.8
The dotCMS administration panel, versions 3.7.1 and earlier, is vulnerable to cross-site request forgery.
network, dotcms, CWE-352

2018-07-20 | CVE-2018-14421 | Cross-Site Request Forgery (CSRF) vulnerability in SeaCMS 6.61 | 6.8
SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php).
network, seacms, CWE-352