Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-09-07 CVE-2017-11567 Cross-Site Request Forgery (CSRF) vulnerability in Cesanta Mongoose Embedded web Server Library
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save.
network
low complexity
cesanta CWE-352
8.8
2017-09-05 CVE-2017-1097 Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-08-31 CVE-2017-14048 Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS 1.2
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php.
network
low complexity
blackcat-cms CWE-352
8.8
2017-08-30 CVE-2017-1442 Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Services Procurement
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-08-29 CVE-2016-2965 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-352
6.5
2017-08-29 CVE-2016-0356 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery.
network
low complexity
ibm CWE-352
6.5
2017-08-29 CVE-2016-0355 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery.
network
low complexity
ibm CWE-352
6.5
2017-08-29 CVE-2017-11455 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
network
low complexity
pulsesecure ivanti CWE-352
8.8
2017-08-29 CVE-2015-3655 Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
network
low complexity
arubanetworks CWE-352
8.8
2017-08-28 CVE-2014-8900 Cross-Site Request Forgery (CSRF) vulnerability in IBM Urbancode Deploy
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
network
low complexity
ibm CWE-352
8.8