Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-07 | CVE-2017-12838 | Cross-Site Request Forgery (CSRF) vulnerability in Nexusphp Project Nexusphp 1.5 | Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. | 8.8 |
2017-09-07 | CVE-2017-11567 | Cross-Site Request Forgery (CSRF) vulnerability in Cesanta Mongoose Embedded web Server Library | Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. | 8.8 |
2017-09-05 | CVE-2017-1097 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-08-31 | CVE-2017-14048 | Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS 1.2 | BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. | 8.8 |
2017-08-30 | CVE-2017-1442 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Services Procurement | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-08-29 | CVE-2016-2965 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. | 6.5 |
2017-08-29 | CVE-2016-0356 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. | 6.5 |
2017-08-29 | CVE-2016-0355 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. | 6.5 |
2017-08-29 | CVE-2017-11455 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allows remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | 8.8 |
2017-08-29 | CVE-2015-3655 | Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. | 8.8 |