Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-04-11 CVE-2018-10031 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
network
low complexity
cmsmadesimple CWE-352
8.8
8.8
2018-04-11 CVE-2018-10030 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
network
low complexity
cmsmadesimple CWE-352
8.8
8.8
2018-04-10 CVE-2018-9927 Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms 4.1.0
An issue was discovered in WUZHI CMS 4.1.0.
network
low complexity
wuzhicms CWE-352
8.8
8.8
2018-04-10 CVE-2018-9926 Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms 4.1.0
An issue was discovered in WUZHI CMS 4.1.0.
network
low complexity
wuzhicms CWE-352
8.8
8.8
2018-04-10 CVE-2018-9923 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms
An issue was discovered in idreamsoft iCMS through 7.0.7.
network
low complexity
icmsdev CWE-352
8.8
8.8
2018-04-09 CVE-2018-9856 Cross-Site Request Forgery (CSRF) vulnerability in Kotti Project Kotti
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
network
low complexity
kotti-project CWE-352
8.8
8.8
2018-04-06 CVE-2014-5072 Cross-Site Request Forgery (CSRF) vulnerability in Wpsecurityauditlog WP Security Audit LOG
Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
wpsecurityauditlog CWE-352
8.8
8.8
2018-04-06 CVE-2014-5034 Cross-Site Request Forgery (CSRF) vulnerability in Fresh-Media Brute Force Login Protection 1.3
Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php.
network
low complexity
fresh-media CWE-352
8.8
8.8
2018-04-05 CVE-2018-1000153 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Vsphere
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection").
network
low complexity
jenkins CWE-352
8.8
8.8
2018-04-04 CVE-2018-6874 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
network
low complexity
auth0 CWE-352
8.8
8.8