Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2016-8917 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2017-03-29 CVE-2017-2688 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom ROX I 2.9.0
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.
network
low complexity
siemens CWE-352
8.8
8.8
2017-03-28 CVE-2016-9456 Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF).
network
low complexity
revive-adserver CWE-352
8.8
8.8
2017-03-28 CVE-2016-9455 Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF).
network
low complexity
revive-adserver CWE-352
8.8
8.8
2017-03-28 CVE-2016-9127 Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF).
network
low complexity
revive-adserver CWE-352
8.8
8.8
2017-03-27 CVE-2017-6069 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5
Subrion CMS 4.0.5 has CSRF in admin/blog/add/.
network
low complexity
intelliants CWE-352
8.8
8.8
2017-03-27 CVE-2017-6068 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/.
network
low complexity
intelliants CWE-352
8.8
8.8
2017-03-27 CVE-2017-6066 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/.
network
low complexity
intelliants CWE-352
8.8
8.8
2017-03-27 CVE-2017-6002 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5.10
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/.
network
low complexity
intelliants CWE-352
8.8
8.8
2017-03-23 CVE-2015-8624 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.
network
low complexity
mediawiki CWE-352
8.8
8.8