Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-01-29 CVE-2017-4951 Cross-Site Request Forgery (CSRF) vulnerability in VMware AirWatch
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog.
network
low complexity
vmware CWE-352
8.8
2018-01-29 CVE-2018-6007 Cross-Site Request Forgery (CSRF) vulnerability in Joomsky JS Support Ticket 1.1.0
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.
network
low complexity
joomsky CWE-352
8.8
2018-01-29 CVE-2018-5720 Cross-Site Request Forgery (CSRF) vulnerability in DODOCOOL DC38 Firmware RTN2-AW.GD.R3465.1.20161103
An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices.
network
low complexity
dodocool CWE-352
8.8
2018-01-24 CVE-2017-1000504 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
A race condition during startup of Jenkins 2.94 and earlier, and 2.89.1 and earlier, could result in the wrong order of execution of commands during initialization.
network
high complexity
jenkins CWE-352
8.1
2018-01-24 CVE-2017-1769 Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2018-01-24 CVE-2018-5976 Cross-Site Request Forgery (CSRF) vulnerability in Rsvp Invitation Online Project Rsvp Invitation Online 1.0
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
network
low complexity
rsvp-invitation-online-project CWE-352
8.8
2018-01-24 CVE-2018-5969 Cross-Site Request Forgery (CSRF) vulnerability in Photography CMS Project Photography CMS 1.0
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
network
low complexity
photography-cms-project CWE-352
8.8
2018-01-23 CVE-2018-1000014 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Translation Assistance
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
network
low complexity
jenkins CWE-352
8.8
2018-01-23 CVE-2018-1000013 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
network
low complexity
jenkins CWE-352
8.8
2018-01-22 CVE-2018-6009 Cross-Site Request Forgery (CSRF) vulnerability in Yiiframework
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
network
low complexity
yiiframework CWE-352
8.8