| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-12616 |
1 Phpmyadmin |
1 Phpmyadmin |
2019-06-14 |
4.3 |
| An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the... |
| CVE-2019-0996 |
1 Microsoft |
1 Azure Devops Server 2019 |
2019-06-13 |
4.3 |
| A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'. |
| CVE-2019-10338 |
1 Jenkins |
1 Jx Resources |
2019-06-13 |
6.8 |
| A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking... |
| CVE-2019-10331 |
1 Jenkins |
1 Electricflow |
2019-06-13 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2019-3410 |
|
|
2019-06-12 |
6.8 |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted... |
| CVE-2019-11517 |
1 Wampserver |
1 Wampserver |
2019-06-11 |
5.8 |
| WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner. |
| CVE-2018-10696 |
1 Moxa |
1 Awk-3121 Firmware |
2019-06-11 |
6.8 |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an... |
| CVE-2012-1297 |
1 Contao |
1 Contao Cms |
2019-06-11 |
6.8 |
| Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action... |
| CVE-2018-8817 |
1 Wampserver |
1 Wampserver |
2019-06-10 |
6.8 |
| Wampserver before 3.1.3 has CSRF in add_vhost.php. |
| CVE-2019-1881 |
1 Cisco |
1 Industrial Network Director |
2019-06-07 |
6.8 |
| A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected... |
| CVE-2013-6429 |
2 Springsource, Pivotal Software |
2 Spring Framework, Spring Framework |
2019-06-05 |
6.8 |
| The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and... |
| CVE-2019-10321 |
1 Jfrog |
1 Artifactory |
2019-06-05 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using... |
| CVE-2019-9883 |
|
|
2019-06-04 |
6.8 |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via... |
| CVE-2019-9882 |
|
|
2019-06-04 |
6.8 |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via... |
| CVE-2018-1000206 |
|
|
2019-06-03 |
6.8 |
| JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be... |
| CVE-2019-10326 |
1 Jenkins |
1 Warnings Next Generation |
2019-06-03 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. |
| CVE-2019-10324 |
1 Jfrog |
1 Artifactory |
2019-06-03 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to... |
| CVE-2018-16218 |
1 Yealink |
1 Ultra-elegant Ip Phone Sip-t41p Firmware |
2019-05-31 |
6.8 |
| A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted... |
| CVE-2019-12502 |
1 Mobotix |
1 S14 Firmware |
2019-05-31 |
9.3 |
| There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. |
| CVE-2017-1000479 |
2 Pfsense, Netgate |
2 Pfsense, Pfsense |
2019-05-30 |
6.8 |
| pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in... |
