| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1002150 |
601 |
|
CSRF |
2017-09-14 |
2017-09-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection |
|
2 |
CVE-2017-1000244 |
352 |
|
CSRF |
2017-11-01 |
2017-11-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification |
|
3 |
CVE-2017-1000224 |
352 |
|
CSRF |
2017-11-16 |
2017-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin |
|
4 |
CVE-2017-1000147 |
352 |
|
CSRF |
2017-11-03 |
2017-11-15 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account. |
|
5 |
CVE-2017-1000093 |
352 |
|
CSRF |
2017-10-04 |
2017-10-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission. |
|
6 |
CVE-2017-1000091 |
352 |
|
CSRF |
2017-10-04 |
2017-10-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery. |
|
7 |
CVE-2017-1000090 |
352 |
|
CSRF |
2017-10-04 |
2017-11-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. |
|
8 |
CVE-2017-1000086 |
352 |
|
CSRF |
2017-10-04 |
2017-11-02 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. |
|
9 |
CVE-2017-1000085 |
352 |
|
CSRF |
2017-10-04 |
2017-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks. |
|
10 |
CVE-2017-1000069 |
352 |
|
CSRF |
2017-07-17 |
2017-07-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CSRF in Bitly oauth2_proxy 2.1 during authentication flow |
|
11 |
CVE-2017-1000045 |
352 |
|
Bypass CSRF |
2017-07-17 |
2017-07-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking |
|
12 |
CVE-2017-1000008 |
352 |
|
CSRF |
2017-07-17 |
2017-08-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. |
|
13 |
CVE-2017-17990 |
352 |
|
CSRF |
2017-12-29 |
2018-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. |
|
14 |
CVE-2017-17982 |
352 |
|
CSRF |
2017-12-29 |
2018-01-09 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. |
|
15 |
CVE-2017-17960 |
352 |
|
CSRF |
2017-12-28 |
2018-04-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. |
|
16 |
CVE-2017-17939 |
352 |
|
CSRF |
2017-12-28 |
2018-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. |
|
17 |
CVE-2017-17936 |
352 |
|
CSRF |
2017-12-28 |
2018-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Vanguard Marketplace Digital Products PHP has CSRF via /search. |
|
18 |
CVE-2017-17930 |
352 |
|
CSRF |
2017-12-27 |
2018-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. |
|
19 |
CVE-2017-17908 |
352 |
|
CSRF |
2017-12-27 |
2018-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. |
|
20 |
CVE-2017-17905 |
352 |
|
CSRF |
2017-12-27 |
2018-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. |
|
21 |
CVE-2017-17903 |
352 |
|
CSRF |
2017-12-27 |
2018-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. |
|
22 |
CVE-2017-17894 |
352 |
|
CSRF |
2017-12-27 |
2018-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Readymade Job Site Script has CSRF via the /job URI. |
|
23 |
CVE-2017-17891 |
352 |
|
CSRF |
2017-12-27 |
2018-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Readymade Video Sharing Script has CSRF via user-profile-edit.php. |
|
24 |
CVE-2017-17830 |
352 |
|
CSRF |
2017-12-21 |
2018-01-03 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Bus Booking Script has CSRF via admin/new_master.php. |
|
25 |
CVE-2017-17827 |
352 |
|
CSRF |
2017-12-20 |
2018-01-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. |
|
26 |
CVE-2017-17774 |
352 |
|
CSRF |
2017-12-19 |
2018-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
admin/configuration.php in Piwigo 2.9.2 has CSRF. |
|
27 |
CVE-2017-17056 |
352 |
|
CSRF |
2017-12-04 |
2017-12-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software. |
|
28 |
CVE-2017-16908 |
79 |
|
Exec Code XSS Bypass CSRF |
2017-11-20 |
2018-10-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. |
|
29 |
CVE-2017-16570 |
352 |
|
Bypass CSRF |
2017-11-06 |
2018-01-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. |
|
30 |
CVE-2017-16565 |
352 |
|
CSRF |
2017-11-06 |
2017-11-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. |
|
31 |
CVE-2017-16563 |
352 |
|
CSRF |
2017-11-06 |
2017-11-27 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. |
|
32 |
CVE-2017-16244 |
352 |
|
Bypass CSRF |
2017-10-31 |
2017-11-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable. |
|
33 |
CVE-2017-15911 |
79 |
|
Exec Code XSS Bypass CSRF |
2017-10-26 |
2017-11-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. |
|
34 |
CVE-2017-15808 |
352 |
|
CSRF |
2017-10-23 |
2017-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. |
|
35 |
CVE-2017-15735 |
352 |
|
CSRF |
2017-10-22 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. |
|
36 |
CVE-2017-15734 |
352 |
|
CSRF |
2017-10-22 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. |
|
37 |
CVE-2017-15733 |
352 |
|
CSRF |
2017-10-22 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. |
|
38 |
CVE-2017-15732 |
352 |
|
CSRF |
2017-10-22 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. |
|
39 |
CVE-2017-15731 |
352 |
|
CSRF |
2017-10-22 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. |
|
40 |
CVE-2017-15730 |
352 |
|
CSRF |
2017-10-22 |
2017-10-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. |
|
41 |
CVE-2017-15729 |
352 |
|
CSRF |
2017-10-22 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. |
|
42 |
CVE-2017-15645 |
352 |
|
Exec Code CSRF |
2017-10-19 |
2017-11-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. |
|
43 |
CVE-2017-15516 |
352 |
|
CSRF |
2017-11-16 |
2017-12-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. |
|
44 |
CVE-2017-15362 |
79 |
|
Exec Code XSS Bypass CSRF |
2017-10-15 |
2017-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176. |
|
45 |
CVE-2017-15296 |
352 |
|
CSRF |
2017-10-16 |
2018-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. |
|
46 |
CVE-2017-15084 |
352 |
|
CSRF |
2017-10-06 |
2017-10-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. |
|
47 |
CVE-2017-15063 |
352 |
|
CSRF |
2017-10-06 |
2018-11-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. |
|
48 |
CVE-2017-14956 |
352 |
|
CSRF |
2017-10-18 |
2018-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks. |
|
49 |
CVE-2017-14925 |
352 |
|
CSRF |
2017-09-29 |
2017-10-06 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. |
|
50 |
CVE-2017-14924 |
352 |
|
+Priv CSRF |
2017-09-29 |
2017-10-06 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. |
