Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-03-07 CVE-2018-7720 Cross-Site Request Forgery (CSRF) vulnerability in Cobub Razor 0.7.2
A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.
network
low complexity
cobub CWE-352
8.8
8.8
2018-03-07 CVE-2017-11649 Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorap 910C Firmware 1.2.0
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp.
network
low complexity
draytek CWE-352
8.8
8.8
2018-03-06 CVE-2018-7733 Cross-Site Request Forgery (CSRF) vulnerability in Yxtcmf 3.1
An issue was discovered in YxtCMF 3.1.
network
low complexity
yxtcmf CWE-352
8.8
8.8
2018-03-06 CVE-2018-7307 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
network
low complexity
auth0 CWE-352
8.8
8.8
2018-03-01 CVE-2018-7634 Cross-Site Request Forgery (CSRF) vulnerability in Enalean Tuleap 9.17
An issue was discovered in Enalean Tuleap 9.17.
network
low complexity
enalean CWE-352
8.8
8.8
2018-03-01 CVE-2018-7590 Cross-Site Request Forgery (CSRF) vulnerability in Hoosk 1.7.0
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
network
low complexity
hoosk CWE-352
8.8
8.8
2018-02-28 CVE-2016-0295 Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
8.8
2018-02-23 CVE-2018-0520 Cross-Site Request Forgery (CSRF) vulnerability in FSI Fs010W Firmware 1.3.0
Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.
network
low complexity
fsi CWE-352
8.8
8.8
2018-02-22 CVE-2018-0148 Cross-Site Request Forgery (CSRF) vulnerability in Cisco UCS Director 6.5(0.0.65832)
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.
network
low complexity
cisco CWE-352
8.8
8.8
2018-02-22 CVE-2018-0146 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework 3.1
A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
5.4
5.4