Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-17903 | Cross-Site Request Forgery (CSRF) vulnerability in Fortunescripts Lynda Clone 1.0 FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | 8.8 |
| 2017-12-27 | CVE-2017-17894 | Cross-Site Request Forgery (CSRF) vulnerability in Basic JOB Site Script Project Basic JOB Site Script Readymade Job Site Script has CSRF via the /job URI. | 8.8 |
| 2017-12-27 | CVE-2017-17891 | Cross-Site Request Forgery (CSRF) vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2 Readymade Video Sharing Script has CSRF via user-profile-edit.php. | 8.8 |
| 2017-12-21 | CVE-2017-17830 | Cross-Site Request Forgery (CSRF) vulnerability in Doditsolutions BUS Booking Script Bus Booking Script has CSRF via admin/new_master.php. | 6.8 |
| 2017-12-21 | CVE-2017-17827 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2 Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. | 8.8 |
| 2017-12-20 | CVE-2017-5263 | Cross-Site Request Forgery (CSRF) vulnerability in Cambiumnetworks products Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. | 8.0 |
| 2017-12-20 | CVE-2017-1746 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-12-20 | CVE-2017-1631 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-12-20 | CVE-2017-17774 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2 admin/configuration.php in Piwigo 2.9.2 has CSRF. | 8.8 |
| 2017-12-16 | CVE-2017-14092 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Scanmail 12.0 The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | 8.8 |