Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-27 | CVE-2018-8764 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | 8.8 |
2018-03-27 | CVE-2018-8718 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer: Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | 8.0 |
2018-03-26 | CVE-2018-1213 | Cross-Site Request Forgery (CSRF) vulnerability in Dell EMC Isilon Onefs: Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. | 8.8 |
2018-03-25 | CVE-2018-8817 | Cross-Site Request Forgery (CSRF) vulnerability in Wampserver: Wampserver before 3.1.3 has CSRF in add_vhost.php. | 8.8 |
2018-03-24 | CVE-2018-8972 | Cross-Site Request Forgery (CSRF) vulnerability in Creditwestbank Cwcms: Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. | 8.8 |
2018-03-23 | CVE-2018-1000137 | Cross-Site Request Forgery (CSRF) vulnerability in I-Librarian I Librarian: I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. | 8.8 |
2018-03-22 | CVE-2018-7524 | Cross-Site Request Forgery (CSRF) vulnerability in Geutebrueck G-Cam/Efd-2250 Firmware and Topfd-2125 Firmware: A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. | 8.8 |
2018-03-22 | CVE-2017-0933 | Cross-Site Request Forgery (CSRF) vulnerability in Ubnt Edgeos: Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. | 8.0 |
2018-03-21 | CVE-2018-1230 | Cross-Site Request Forgery (CSRF) vulnerability in Pivotal Software Spring Batch Admin: Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. | 8.8 |
2018-03-20 | CVE-2014-1457 | Cross-Site Request Forgery (CSRF) vulnerability in Openwebanalytics Open web Analytics: Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. | 8.8 |