Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-10 | CVE-2017-16780 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | 9.8 |
| 2017-11-06 | CVE-2017-16570 | Cross-Site Request Forgery (CSRF) vulnerability in Keystonejs Keystone KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. | 8.8 |
| 2017-11-06 | CVE-2017-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | 8.8 |
| 2017-11-06 | CVE-2017-16563 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | 8.0 |
| 2017-11-03 | CVE-2017-1000147 | Cross-Site Request Forgery (CSRF) vulnerability in Mahara Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. | 6.8 |
| 2017-11-01 | CVE-2017-1300 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-11-01 | CVE-2017-1000244 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | 8.8 |
| 2017-11-01 | CVE-2017-16244 | Cross-Site Request Forgery (CSRF) vulnerability in Octobercms October 1.0.426 Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. | 8.8 |
| 2017-10-24 | CVE-2015-5170 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | 8.8 |
| 2017-10-23 | CVE-2015-2878 | Cross-Site Request Forgery (CSRF) vulnerability in Watchguard Hawkeye G 3.0.1.4912 Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | 8.8 |