Cross-Site Request Forgery (CSRF) Vulnerabilities

DATE  CVE  VULNERABILITY TITLE  RISK

2017-05-16  CVE-2017-7662  Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz  8.8
    Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc.
    network, low complexity, apache, CWE-352

2017-05-16  CVE-2017-7661  Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz  8.8
    Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications.
    network, low complexity, apache, CWE-352

2017-05-16  CVE-2017-8382  Cross-Site Request Forgery (CSRF) vulnerability in Admidio 3.2.8  3.5
    admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
    network, admidio, CWE-352

2017-05-15  CVE-2017-7491  Cross-Site Request Forgery (CSRF) vulnerability in Moodle  4.3
    In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
    network, moodle, CWE-352

2017-05-14  CVE-2017-8930  Cross-Site Request Forgery (CSRF) vulnerability in Simpleinvoices Simple Invoices 2013.1  6.8
    Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

2017-05-14  CVE-2017-8928  Cross-Site Request Forgery (CSRF) vulnerability in Mailcow Mailcow: Dockerized 0.14  6.8
    mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
    network, mailcow, CWE-352

2017-05-12  CVE-2016-4887  Cross-Site Request Forgery (CSRF) vulnerability in Basercms 3.0.10  6.8
    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    network, basercms, CWE-352

2017-05-12  CVE-2016-4886  Cross-Site Request Forgery (CSRF) vulnerability in Basercms 3.0.10  6.8
    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    network, basercms, CWE-352

2017-05-12  CVE-2016-4885  Cross-Site Request Forgery (CSRF) vulnerability in Basercms 3.0.10  6.8
    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    network, basercms, CWE-352

2017-05-12  CVE-2016-4884  Cross-Site Request Forgery (CSRF) vulnerability in Basercms 3.0.10  6.8
    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    network, basercms, CWE-352