Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-30 | CVE-2017-6042 | Cross-Site Request Forgery (CSRF) vulnerability in Sierra Wireless products A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. | 8.8 |
| 2017-06-30 | CVE-2017-6038 | Cross-Site Request Forgery (CSRF) vulnerability in Belden Hirschmann Gecko Lite Managed Switch Firmware A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. | 7.1 |
| 2017-06-29 | CVE-2017-10681 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-10680 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-10678 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-5528 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco products Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. | 8.8 |
| 2017-06-27 | CVE-2017-6086 | Cross-Site Request Forgery (CSRF) vulnerability in Vimbadmin 3.0.15 Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. | 8.8 |
| 2017-06-16 | CVE-2016-1000218 | Cross-Site Request Forgery (CSRF) vulnerability in Elastic Kibana Reporting 2.4.0 Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | 8.8 |
| 2017-06-15 | CVE-2017-9673 | Cross-Site Request Forgery (CSRF) vulnerability in Simplece 2.3.0 In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. | 8.8 |
| 2017-06-15 | CVE-2017-5244 | Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. | 3.5 |