CVE-2017-1002150 CVSS:0.0
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection (Last Update:2017-09-14) (Publish Update:2017-09-14)
CVE-2017-1000069 CVSS:6.8
CSRF in Bitly oauth2_proxy 2.1 during authentication flow (Last Update:2017-07-20) (Publish Update:2017-07-17)
CVE-2017-1000045 CVSS:6.8
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking (Last Update:2017-07-26) (Publish Update:2017-07-17)
CVE-2017-1000008 CVSS:6.8
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. (Last Update:2017-08-07) (Publish Update:2017-07-17)
CVE-2017-14530 CVSS:0.0
WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. (Last Update:2017-09-17) (Publish Update:2017-09-17)
CVE-2017-14267 CVSS:6.8
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. (Last Update:2017-09-15) (Publish Update:2017-09-11)
CVE-2017-14048 CVSS:6.5
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. (Last Update:2017-09-01) (Publish Update:2017-08-31)
CVE-2017-12970 CVSS:6.8
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. (Last Update:2017-09-05) (Publish Update:2017-08-23)
CVE-2017-12949 CVSS:6.5
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. (Last Update:2017-08-24) (Publish Update:2017-08-18)
CVE-2017-12881 CVSS:6.8
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. (Last Update:2017-08-24) (Publish Update:2017-08-18)