Security Vulnerabilities, CVEs, Published In September 2011 (CSRF)
JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.
Max CVSS: 6.8; EPSS Score: 1.48%; Published: 2011-09-20; Updated: 2017-08-17
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS: 6.8; EPSS Score: 0.11%; Published: 2011-09-08; Updated: 2011-09-14
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
Max CVSS: 3.5; EPSS Score: 0.18%; Published: 2011-09-23; Updated: 2018-10-09
3 vulnerabilities found