Total: 4240 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-10315 | Jenkins | Github Authentication | 2019-05-06 | 6.8 MEDIUM | 8.8 HIGH | Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
CVE-2019-10307 | Jenkins | Static Analysis Utilities | 2019-05-06 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.
CVE-2019-11416 | Intelbras | Iwr 3000n, Iwr 3000n Firmware | 2019-05-05 | 9.3 HIGH | 8.8 HIGH | A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
CVE-2017-12970 | Apache2triad | Apache2triad | 2019-05-03 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
CVE-2018-14930 | Polarisft | Intellect Core Banking | 2019-05-03 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.
CVE-2019-11617 | Doorgets | Doorgets Cms | 2019-05-01 | 6.8 MEDIUM | 8.8 HIGH | doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability to modify the "Google Analytics code" setting.
CVE-2018-15206 | Bpcbt | Smartvista | 2019-05-01 | 6.8 MEDIUM | 8.8 HIGH | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
CVE-2017-1000499 | Phpmyadmin | Phpmyadmin | 2019-04-30 | 6.8 MEDIUM | 8.8 HIGH | phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.
CVE-2017-18042 | Atlassian | Bamboo | 2019-04-29 | 6.8 MEDIUM | 8.8 HIGH | The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a cross-site request forgery (CSRF) vulnerability.
CVE-2019-11456 | Gilacms | Gila Cms | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
CVE-2019-11375 | Meisivod | Msvod | 2019-04-26 | 4.3 MEDIUM | 6.5 MEDIUM | Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
CVE-2019-11374 | 74cms | 74cms | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH | 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-1003010 | Jenkins, Redhat | Git, Openshift Container Platform | 2019-04-26 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
CVE-2016-5758 | Netiq | Access Manager | 2019-04-23 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.
CVE-2017-9963 | Schneider-electric | Powerscada Anywhere | 2019-04-23 | 5.8 MEDIUM | 8.1 HIGH | A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
CVE-2018-19969 | Phpmyadmin | Phpmyadmin | 2019-04-22 | 6.8 MEDIUM | 8.8 HIGH | phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
CVE-2018-17168 | Printeron | Printeron | 2019-04-19 | 4.3 MEDIUM | 6.5 MEDIUM | PrinterOn Enterprise 4.1.4 contains multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc.).
CVE-2019-10642 | Contao | Contao Cms | 2019-04-18 | 6.8 MEDIUM | 8.8 HIGH | Contao 4.7 allows CSRF.
CVE-2019-9176 | Gitlab | Gitlab | 2019-04-17 | 5.8 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
CVE-2016-8201 | Brocade | Virtual Traffic Manager | 2019-04-17 | 6.0 MEDIUM | 8.0 HIGH | A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.
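The CVE-2019-10315 entry names the control that was missing: the OAuth `state` parameter, which ties an authorization callback to the browser session that started the flow. Without it, an attacker can obtain an authorization code for their own account and make the victim's browser deliver that code to the callback URL, so the victim's session ends up logged in as the attacker (login CSRF). The Python below is an added illustration written for this page, not code from the Jenkins plugin or from any project listed above: the client id, callback URL, the in-memory `SESSIONS` store and the `demo()` scenario are constructed placeholders, and `finish_login_vulnerable` models the bug class rather than the plugin's actual handler.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders: the authorize endpoint is GitHub's real one, but the
# client id and callback URL are made up. SESSIONS stands in for a server-side
# session store keyed by the browser's session cookie.
AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
CLIENT_ID = "example-client-id"
CALLBACK_URL = "https://ci.example/oauth/callback"
SESSIONS = {}


def _query(url):
    """Flatten a URL's query string into a {name: first_value} dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def begin_login(session_id):
    """Start the OAuth flow: mint an unguessable state, bind it to this
    browser session, and carry it in the authorization redirect."""
    state = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["oauth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "scope": "read:user",
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def state_from_redirect(redirect_url):
    """Read the state back out of a redirect built by begin_login."""
    return _query(redirect_url)["state"]


def finish_login_vulnerable(session_id, callback_url):
    """Callback handler of the kind CVE-2019-10315 describes: it takes whatever
    `code` arrives and never looks at `state`. A code the attacker obtained for
    their own account is accepted on the victim's session."""
    code = _query(callback_url).get("code")
    if code is None:
        return None
    SESSIONS.setdefault(session_id, {})["authorized_code"] = code
    return code


def finish_login(session_id, callback_url):
    """Hardened callback: accept the code only if the request carries exactly
    the state minted for this session (constant-time compare), and consume the
    state so a captured callback URL cannot be replayed."""
    q = _query(callback_url)
    code, presented = q.get("code"), q.get("state")
    expected = SESSIONS.get(session_id, {}).pop("oauth_state", None)
    if code is None or presented is None or expected is None:
        return None
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return None
    SESSIONS[session_id]["authorized_code"] = code
    return code


def demo():
    """Constructed scenario: a forged callback (attacker's code, no state)
    against both handlers, then a legitimate round trip and a replay."""
    forged = CALLBACK_URL + "?" + urlencode({"code": "attacker-code"})
    vulnerable_result = finish_login_vulnerable("victim-session", forged)
    hardened_forged = finish_login("victim-session", forged)

    redirect = begin_login("victim-session")
    legit = CALLBACK_URL + "?" + urlencode(
        {"code": "good-code", "state": state_from_redirect(redirect)})
    hardened_legit = finish_login("victim-session", legit)
    replay = finish_login("victim-session", legit)
    return vulnerable_result, hardened_forged, hardened_legit, replay


if __name__ == "__main__":
    print(demo())
```

Two details matter beyond simply "checking state": the value must come from a CSPRNG and live only in the server-side session (a guessable or cookie-readable state gives the attacker nothing to forge but also nothing to stop them), and it must be single-use, so that a callback URL that leaks through a referrer or a log cannot be replayed.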