Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE | CVE | VULNERABILITY TITLE | RISK

2017-08-05 | CVE-2017-12439 | Cross-Site Request Forgery (CSRF) vulnerability in Socusoft Flash Slideshow Maker 5.20 | 7.5
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file.
network | high complexity | socusoft | CWE-352

2017-08-02 | CVE-2017-2138 | Cross-Site Request Forgery (CSRF) vulnerability in Cs-Cart and Cs-Cart Multivendor | 8.8
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network | low complexity | cs-cart | CWE-352

2017-07-31 | CVE-2017-11726 | Cross-Site Request Forgery (CSRF) vulnerability in Connectwise Manage 2017.5 | 8.8
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.
network | low complexity | connectwise | CWE-352

2017-07-31 | CVE-2017-11648 | Cross-Site Request Forgery (CSRF) vulnerability in Techroutes TR 1803-3G Firmware 2.4.25 | 8.8
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.
network | low complexity | techroutes | CWE-352

2017-07-31 | CVE-2016-9716 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server | 8.8
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network | low complexity | ibm | CWE-352

2017-07-31 | CVE-2016-9714 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server | 8.8
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network | low complexity | ibm | CWE-352

2017-07-31 | CVE-2017-9490 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | 8.8
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
network | low complexity | cisco arris | CWE-352

2017-07-31 | CVE-2017-9489 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | 8.8
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
network | low complexity | cisco commscope | CWE-352

2017-07-28 | CVE-2017-11646 | Cross-Site Request Forgery (CSRF) vulnerability in Netcomm 4Gt101W Bootloader and 4Gt101W Software | 8.8
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall.
network | low complexity | netcomm | CWE-352

2017-07-27 | CVE-2017-11680 | Cross-Site Request Forgery (CSRF) vulnerability in Project Hashtopussy | 8.8
Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.
network | low complexity | project-hashtopussy | CWE-352