Cross-Site Request Forgery (CSRF) Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-10-13 CVE-2016-5789 Cross-Site Request Forgery (CSRF) vulnerability in Jantek Jtc-200 Firmware
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions.
network
jantek CWE-352
6.0
2017-10-06 CVE-2015-2143 Cross-Site Request Forgery (CSRF) vulnerability in PHPbugtracker Project PHPbugtracker
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.
6.8
2017-10-06 CVE-2015-2142 Cross-Site Request Forgery (CSRF) vulnerability in PHPbugtracker Project PHPbugtracker
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.
6.0
2017-10-06 CVE-2017-15084 Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
network
rapid7 CWE-352
4.3
2017-10-06 CVE-2017-15063 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error.
6.8
2017-10-05 CVE-2017-1000093 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.
network
jenkins CWE-352
6.8
2017-10-05 CVE-2017-1000092 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT
Git Plugin connects to a user-specified Git repository as part of form validation.
network
high complexity
jenkins CWE-352
2.6
2017-10-05 CVE-2017-1000091 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g.
network
jenkins CWE-352
6.8
2017-10-05 CVE-2017-1000090 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Role-Based Authorization Strategy
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.
network
jenkins CWE-352
6.8
2017-10-05 CVE-2017-1000085 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Subversion
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g.
network
jenkins CWE-352
4.3