Total: 8013 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5401 | 1 Redhat | 2 Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. | |||||
CVE-2016-1261 | 1 Juniper | 1 Junos | 2025-04-20 | 6.8 MEDIUM | 7.1 HIGH |
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | |||||
CVE-2017-14956 | 1 Alienvault | 1 Unified Security Management | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks. | |||||
CVE-2016-2965 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | |||||
CVE-2017-11350 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | |||||
CVE-2016-8201 | 1 Brocade | 1 Virtual Traffic Manager | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | |||||
CVE-2017-8875 | 1 Codection | 1 Clean Login | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | |||||
CVE-2016-9092 | 1 Symantec | 2 Content Analysis, Mail Threat Defense | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | |||||
CVE-2016-8737 | 1 Apache | 1 Brooklyn | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. | |||||
CVE-2017-6411 | 1 Dlink | 2 Dsl-2730u, Dsl-2730u Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||||
CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
CVE-2017-6659 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. | |||||
CVE-2017-9517 | 1 Atmail | 1 Atmail | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | |||||
CVE-2017-6069 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | |||||
CVE-2017-1000091 | 1 Jenkins | 1 Github Branch Source | 2025-04-20 | 6.8 MEDIUM | 6.3 MEDIUM |
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery. | |||||
CVE-2017-15516 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | |||||
CVE-2017-1000093 | 1 Jenkins | 1 Poll Scm | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission. | |||||
CVE-2017-9064 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | |||||
CVE-2017-7398 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | |||||
CVE-2017-8928 | 1 Mailcow | 1 Mailcow | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. |