Vulmon
csrf vulnerabilities and exploits
6.8
CVSSv2
CVE-2020-35217
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker...
Eclipse Vert.x-web 4.0.0
4.3
CVSSv2
CVE-2022-20613
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname....
Jenkins Mailer 391.ve4a 38c1b Cf4b
Jenkins Mailer
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
2 Github repositories available
NA
CVE-2023-4959
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance....
Redhat Quay 3.0.0
5
CVSSv2
CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies....
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Djangoproject Django 1.9.6
Djangoproject Django 1.9.5
Djangoproject Django 1.9.4
Djangoproject Django 1.9.3
Djangoproject Django 1.9.2
Djangoproject Django 1.9.9
Djangoproject Django 1.9.1
Djangoproject Django 1.9.0
Djangoproject Django 1.9.8
Djangoproject Django 1.9.7
Djangoproject Django
Debian Debian Linux 8.0
2 Github repositories available
6.8
CVSSv2
CVE-2021-40662
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL....
Chamilo Chamilo 1.11.14
1 Github repository available
5.1
CVSSv2
CVE-2021-26103
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy version 2.0.3 and below, 1.2.11 and below and FortiGate version 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to...
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortios 7.0.0
4.3
CVSSv2
CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains....
Rubyonrails Rails
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2018-14057
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function....
Pimcore Pimcore
1 EDB exploit available
4.3
CVSSv2
CVE-2014-3655
JBoss KeyCloak is vulnerable to soft token deletion via CSRF...
Redhat Keycloak
Redhat Jboss Enterprise Web Server 1.0.0
NA
CVE-2023-48017
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management....
Dreamer Cms Project Dreamer Cms 4.1.3