Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-08-28 | CVE-2014-8900 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Urbancode Deploy | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | network | low | ibm | CWE-352 | 8.8 |
| 2017-08-25 | CVE-2017-7926 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API 1.8 | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). | network | low | osisoft | CWE-352 | 8.8 |
| 2017-08-25 | CVE-2017-12703 | Cross-Site Request Forgery (CSRF) vulnerability in Westermo products | A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | network | low | westermo | CWE-352 | 8.8 |
| 2017-08-23 | CVE-2017-12970 | Cross-Site Request Forgery (CSRF) vulnerability in Apache2Triad 1.5.4 | Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. | network | low | apache2triad | CWE-352 | 8.8 |
| 2017-08-22 | CVE-2015-5258 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | network | low | fedoraproject, vmware | CWE-352 | 8.8 |
| 2017-08-22 | CVE-2017-7557 | Cross-Site Request Forgery (CSRF) vulnerability in Powerdns Dnsdist 1.1.0 | dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | network | low | powerdns | CWE-352 | 8.8 |
| 2017-08-21 | CVE-2017-7423 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Enterprise Developer and Enterprise Server | A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. | network | low | microfocus | CWE-352 | 8.8 |
| 2017-08-21 | CVE-2017-5187 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products | A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | network | low | microfocus | CWE-352 | 8.8 |
| 2017-08-18 | CVE-2017-12881 | Cross-Site Request Forgery (CSRF) vulnerability in Spring Batch Admin Project Spring Batch Admin 1.0.0/1.2.0 | Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | network | low | spring-batch-admin-project | CWE-352 | 8.8 |
| 2017-08-18 | CVE-2015-5081 | Cross-Site Request Forgery (CSRF) vulnerability in Django-Cms Django CMS 3.0.13/3.1 | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | network | low | django-cms | CWE-352 | 8.8 |