CVE-2017-1000069 CVSS:6.8
CSRF in Bitly oauth2_proxy 2.1 during authentication flow (Last Update:2017-07-20) (Publish Update:2017-07-17)
CVE-2017-1000045 CVSS:0.0
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking (Last Update:2017-07-17) (Publish Update:2017-07-17)
CVE-2017-1000008 CVSS:0.0
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function, allowing attackers to hijack the authentication of logged-in users to modify account information, including their password. (Last Update:2017-07-17) (Publish Update:2017-07-17)
CVE-2017-11196 CVSS:6.8
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to log out a user by making them visit a malicious web page. (Last Update:2017-07-18) (Publish Update:2017-07-12)
CVE-2017-11193 CVSS:6.8
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. (Last Update:2017-07-19) (Publish Update:2017-07-12)
CVE-2017-10961 CVSS:0.0
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. (Last Update:2017-07-18) (Publish Update:2017-07-18)
CVE-2017-10681 CVSS:6.8
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. (Last Update:2017-07-04) (Publish Update:2017-06-29)
CVE-2017-10680 CVSS:6.8
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. (Last Update:2017-07-03) (Publish Update:2017-06-29)
CVE-2017-10678 CVSS:6.8
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. (Last Update:2017-07-05) (Publish Update:2017-06-29)
CVE-2017-9934 CVSS:4.3
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. (Last Update:2017-07-21) (Publish Update:2017-07-17)
This vulnerability list widget is provided by www.cvedetails.com