| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-13810 |
1 Siemens |
2 Cp 1604 Firmware, Cp 1616 Firmware |
2019-04-18 |
4.3 |
| A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user... |
| CVE-2019-10642 |
1 Contao |
1 Contao Cms |
2019-04-18 |
6.8 |
| Contao 4.7 allows CSRF. |
| CVE-2019-9176 |
1 Gitlab |
1 Gitlab |
2019-04-17 |
5.8 |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF. |
| CVE-2016-8201 |
1 Brocade |
1 Virtual Traffic Manager |
2019-04-17 |
6.0 |
| A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. |
| CVE-2018-16365 |
1 Idreamsoft |
1 Icms |
2019-04-16 |
6.8 |
| An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. |
| CVE-2017-5657 |
1 Apache |
1 Archiva |
2019-04-16 |
6.0 |
| Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on... |
| CVE-2016-4469 |
1 Apache |
1 Archiva |
2019-04-16 |
6.8 |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter... |
| CVE-2018-16366 |
1 Idreamsoft |
1 Icms |
2019-04-16 |
6.8 |
| An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. |
| CVE-2017-8928 |
1 Mailcow |
1 Mailcow-dockerized |
2019-04-16 |
6.8 |
| mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. |
| CVE-2018-17584 |
1 Wpfastestcache |
1 Wp Fastest Cache |
2019-04-16 |
6.8 |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. |
| CVE-2018-16966 |
1 File Manager Project |
1 File Manager |
2019-04-16 |
6.8 |
| There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. |
| CVE-2018-19291 |
1 Dilicms |
1 Dilicms |
2019-04-16 |
5.8 |
| An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. |
| CVE-2018-1999027 |
1 Jenkins |
1 Saltstack |
2019-04-16 |
6.8 |
| An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| CVE-2018-19969 |
1 Phpmyadmin |
1 Phpmyadmin |
2019-04-15 |
6.8 |
| phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new... |
| CVE-2017-18366 |
1 Intelliants |
1 Subrion Cms |
2019-04-15 |
6.8 |
| Subrion CMS 4.1.5 has CSRF in blog/delete/. |
| CVE-2018-2000 |
1 Ibm |
2 Business Automation Workflow, Business Process Manager |
2019-04-15 |
6.8 |
| IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. |
| CVE-2019-10292 |
1 Jenkins |
1 Kmap |
2019-04-15 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-10289 |
1 Jenkins |
1 Netsparker Cloud Scan |
2019-04-15 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-10278 |
1 Jenkins |
1 Jenkins-reviewbot |
2019-04-15 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003098 |
1 Jenkins |
1 Openid |
2019-04-15 |
4.3 |
| A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. |
