Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-03-07 CVE-2018-7720 Cross-Site Request Forgery (CSRF) vulnerability in Cobub Razor 0.7.2
A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.
network
cobub CWE-352
6.8
6.8
2018-03-07 CVE-2017-11649 Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorap 910C Firmware 1.2.0
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp.
network
draytek CWE-352
6.8
6.8
2018-03-06 CVE-2018-7733 Cross-Site Request Forgery (CSRF) vulnerability in Yxtcmf
An issue was discovered in YxtCMF 3.1.
network
yxtcmf CWE-352
6.8
6.8
2018-03-06 CVE-2018-7724 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.3
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request.
network
piwigo CWE-352
3.5
3.5
2018-03-06 CVE-2018-7307 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
network
auth0 CWE-352
6.8
6.8
2018-03-01 CVE-2018-7634 Cross-Site Request Forgery (CSRF) vulnerability in Enalean Tuleap 9.17
An issue was discovered in Enalean Tuleap 9.17.
network
enalean CWE-352
6.8
6.8
2018-03-01 CVE-2018-7590 Cross-Site Request Forgery (CSRF) vulnerability in Hoosk 1.7.0
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
network
hoosk CWE-352
6.8
6.8
2018-02-28 CVE-2016-0295 Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
6.8
2018-02-23 CVE-2018-0520 Cross-Site Request Forgery (CSRF) vulnerability in FSI Fs010W Firmware 1.3.0
Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.
network
fsi CWE-352
6.8
6.8
2018-02-22 CVE-2018-0148 Cross-Site Request Forgery (CSRF) vulnerability in Cisco UCS Director 6.5(0.0.65832)
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.
network
cisco CWE-352
6.8
6.8