Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-06 | CVE-2015-2142 | Cross-Site Request Forgery (CSRF) vulnerability in PHPbugtracker Project PHPbugtracker Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | 8.0 |
| 2017-10-06 | CVE-2017-15084 | Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | 6.5 |
| 2017-10-06 | CVE-2017-15063 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. | 8.8 |
| 2017-10-05 | CVE-2017-1000093 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. | 8.8 |
| 2017-10-05 | CVE-2017-1000092 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT Git Plugin connects to a user-specified Git repository as part of form validation. | 7.5 |
| 2017-10-05 | CVE-2017-1000091 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. | 6.3 |
| 2017-10-05 | CVE-2017-1000090 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Role-Based Authorization Strategy Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. | 8.8 |
| 2017-10-05 | CVE-2017-1000085 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Subversion Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. | 6.5 |
| 2017-10-03 | CVE-2016-6806 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Wicket Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. | 8.8 |
| 2017-09-30 | CVE-2017-14925 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. | 8.0 |