Debian : Security Vulnerabilities, CVEs, Published In 2017 (CSRF)
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-05-18
Updated
2019-03-15
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Max CVSS
8.6
EPSS Score
0.62%
Published
2017-05-18
Updated
2019-10-03
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Max CVSS
8.8
EPSS Score
1.01%
Published
2017-03-18
Updated
2020-07-08
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
Max CVSS
8.8
EPSS Score
0.71%
Published
2017-09-20
Updated
2022-12-20
4 vulnerabilities found