Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-29 | CVE-2018-6391 | Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Wf2419 Firmware 2.2.36123 A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. | 6.8 |
| 2018-01-29 | CVE-2017-1000356 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. | 6.8 |
| 2018-01-29 | CVE-2017-4951 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Airwatch VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. | 6.8 |
| 2018-01-29 | CVE-2018-6007 | Cross-Site Request Forgery (CSRF) vulnerability in Joomsky JS Support Ticket 1.1.0 CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | 6.8 |
| 2018-01-29 | CVE-2018-5720 | Cross-Site Request Forgery (CSRF) vulnerability in Dodocool Dc38 Firmware Rtn2Aw.Gd.R3465.1.20161103 An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. | 6.8 |
| 2018-01-27 | CVE-2018-6357 | Cross-Site Request Forgery (CSRF) vulnerability in Acurax Social Media Widget The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | 6.8 |
| 2018-01-24 | CVE-2017-1000504 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. | 6.8 |
| 2018-01-24 | CVE-2017-1769 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0 IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2018-01-24 | CVE-2018-5976 | Cross-Site Request Forgery (CSRF) vulnerability in Rsvp Invitation Online Project Rsvp Invitation Online 1.0 Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | 6.8 |
| 2018-01-24 | CVE-2018-5969 | Cross-Site Request Forgery (CSRF) vulnerability in Photography CMS Project Photography CMS 1.0 Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | 6.8 |