Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-30 | CVE-2017-14924 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. | 8.0 |
| 2017-09-30 | CVE-2015-9233 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople CP Contact Form With Paypal The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | 8.8 |
| 2017-09-26 | CVE-2017-13129 | Cross-Site Request Forgery (CSRF) vulnerability in Zkteco Zktime web 2.0.1.12280 Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | 8.0 |
| 2017-09-26 | CVE-2017-7969 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. | 8.8 |
| 2017-09-25 | CVE-2015-7293 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 8.8 |
| 2017-09-25 | CVE-2015-5182 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat AMQ Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | 8.8 |
| 2017-09-25 | CVE-2017-14683 | Cross-Site Request Forgery (CSRF) vulnerability in Geminabox Project Geminabox geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | 8.8 |
| 2017-09-21 | CVE-2015-0276 | Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea 0.1 Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | 8.8 |
| 2017-09-21 | CVE-2017-12253 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 11.5(1) A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. | 8.8 |
| 2017-09-20 | CVE-2015-5395 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | 8.8 |