Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-12-16 | CVE-2017-14092 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Scanmail 12.0 | The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | 8.8 |
2017-12-14 | CVE-2017-5264 | Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Nexpose | Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. | 8.8 |
2017-12-13 | CVE-2017-14362 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Project and Portfolio Management 9.32 | Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 7.3 |
2017-12-04 | CVE-2017-17056 | Cross-Site Request Forgery (CSRF) vulnerability in Zkteco Zktime web 2.0.1.12280 | The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. | 8.8 |
2017-11-30 | CVE-2017-12631 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz | Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |
2017-11-28 | CVE-2016-10701 | Cross-Site Request Forgery (CSRF) vulnerability in Hitachivantara Pentaho Business Analytics 8.0 | In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | 8.8 |
2017-11-22 | CVE-2017-8138 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei Hedex Lite | HedEx versions earlier than V200R006C00 have a cross-site request forgery (CSRF) vulnerability. | 8.8 |
2017-11-17 | CVE-2017-1000224 | Cross-Site Request Forgery (CSRF) vulnerability in Embedplus Youtube | CSRF in YouTube (WordPress plugin) could allow an unauthenticated attacker to change any setting within the plugin. | 6.5 |
2017-11-16 | CVE-2017-15516 | Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snapcenter Server 1.1/2.0 | NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | 8.8 |
2017-11-15 | CVE-2017-7851 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-936L | D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | 8.8 |