About “Cross-Site Request Forgery (CSRF)”

A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2019-05-06
High

CVE-2018-4066

An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated u…

High

CVE-2019-5430

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker t…

2019-05-03
Medium

CVE-2019-1857

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform ar…

High

CVE-2019-1713

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF…

2019-04-30
High

CVE-2019-11617

doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification.

Medium

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the a…

High

CVE-2018-15206

BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.

High

CVE-2018-14930

An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.

High

CVE-2019-10315

Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.

High

CVE-2019-10310

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed…

Medium

CVE-2019-10307

A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the…

2019-04-29
High

CVE-2019-11591

The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there…

High

CVE-2019-11590

The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be…

2019-04-26
High

CVE-2019-11557

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, becaus…

High

CVE-2015-9284

The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without…

2019-04-24
High

CVE-2019-8991

The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Se…

Medium

CVE-2019-11203

The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Si…

2019-04-22
High

CVE-2019-11456

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.

High

CVE-2019-11416

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.

2019-04-20
Medium

CVE-2019-11375

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

High

CVE-2019-11374

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

2019-04-18
High

CVE-2019-3718

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CS…

Medium

CVE-2019-10304

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an at…

High

CVE-2019-10300

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacke…

Medium

CVE-2018-17168

PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into maki…

High

CVE-2019-1797

A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) at…

Medium

CVE-2019-1722

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site reques…

2019-04-17
High

CVE-2019-10642

Contao 4.7 allows CSRF.

Medium

CVE-2019-9176

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.

Medium

CVE-2018-13810

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSR…

2019-04-15
High

CVE-2018-16966

There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

High

CVE-2018-17584

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

High

CVE-2017-18366

Subrion CMS 4.1.5 has CSRF in blog/delete/.

2019-04-11
High

CVE-2019-11078

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.

High

CVE-2019-11077

FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.

2019-04-10
High

CVE-2019-0229

A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.

2019-04-08
Medium

CVE-2018-2000

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user…

2019-04-05
High

CVE-2019-10888

A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.

Medium

CVE-2018-20816

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add da…

High

CVE-2019-10874

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable exten…

2019-04-04
Medium

CVE-2019-10292

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified serve…

Medium

CVE-2019-10289

A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initia…

Medium

CVE-2019-10278

A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an att…

Medium

CVE-2019-1003098

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an atta…

Medium

CVE-2019-1003092

A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-sp…

Medium

CVE-2019-1003090

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an a…

Medium

CVE-2019-1003086

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connect…

Medium

CVE-2019-1003084

A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection t…

Medium

CVE-2019-1003082

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specif…

Medium

CVE-2019-1003080

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a…

Medium

CVE-2019-1003078

A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connecti…

Medium

CVE-2019-1003076

A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connect…

Medium

CVE-2019-1003058

A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified se…

2019-04-03
High

CVE-2019-10673

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information…

2019-04-02
Medium

CVE-2018-1622

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr…

2019-04-01
Medium

CVE-2019-3876

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherw…

High

CVE-2014-7198

OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.

2019-03-30
Critical

CVE-2019-10655

Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metach…

High

CVE-2019-10644

An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account.

2019-03-29
High

CVE-2019-9604

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.

2019-03-28
Medium

CVE-2019-6607

On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration u…

Medium

CVE-2019-1003046

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server.

High

CVE-2019-1003044

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obta…

2019-03-27
High

CVE-2019-10237

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.

2019-03-22
High

CVE-2019-1764

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-s…

2019-03-21
Medium

CVE-2019-7440

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).

High

CVE-2019-7433

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

High

CVE-2019-7391

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.

High

CVE-2019-6967

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.

High

CVE-2019-6282

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wi…

High

CVE-2018-20648

PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.

High

CVE-2018-20644

PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.

High

CVE-2018-20641

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

High

CVE-2018-20633

PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

Medium

CVE-2018-19525

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS…

Medium

CVE-2018-19511

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.

Medium

CVE-2018-17996

LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.

High

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.

2019-03-14
High

CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandle…

High

CVE-2019-9769

PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

2019-03-12
High

CVE-2019-5924

Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

High

CVE-2019-5920

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

2019-03-11
High

CVE-2019-9688

sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.

High

CVE-2019-9652

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.

2019-03-07
Medium

CVE-2019-9598

An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.

High

CVE-2019-8437

njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.

High

CVE-2019-6710

Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.

High

CVE-2018-18449

EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.

High

CVE-2018-17429

/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.

High

CVE-2019-9625

JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.

2019-03-06
Medium

CVE-2019-9603

MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.

2019-03-05
High

CVE-2019-6561

Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.

2019-03-03
High

CVE-2019-9549

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.

2019-02-26
High

CVE-2019-9182

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the fi…

2019-02-23
High

CVE-2019-9062

PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php.

Medium

CVE-2019-9052

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.

Medium

CVE-2019-9051

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.

Medium

CVE-2019-9049

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.

Medium

CVE-2019-9048

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.

High

CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.

2019-02-18
High

CVE-2019-8910

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

Medium

CVE-2019-8902

An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.

2019-02-15
High

CVE-2019-8347

BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.

2019-02-11
Medium

CVE-2019-7738

C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.

High

CVE-2019-7737

A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.

Medium

CVE-2019-7730

MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

High

CVE-2018-20780

Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).

2019-02-07
Medium

CVE-2019-7570

A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.

High

CVE-2019-7569

An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.

High

CVE-2019-7566

CSZ CMS 1.1.8 has CSRF via admin/users/new/add.

2019-02-06
Medium

CVE-2019-1003012

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18…

Medium

CVE-2019-1003010

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspac…

High

CVE-2019-1003008

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allo…

High

CVE-2019-1003007

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary co…

2019-02-05
Medium

CVE-2019-7402

An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.

2019-02-04
High

CVE-2019-1000022

Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF to…

High

CVE-2019-1000003

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post…

High

CVE-2019-7346

A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making…

2019-02-01
Medium

CVE-2019-3604

Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vecto…

2019-01-24
High

CVE-2019-6779

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.