CVE-2018-1000053 CVSS:0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in LimeSurvey admins deleting all their themes, rendering the website unusable. This attack appears to be exploitable via simple HTML markup that can be used to send a GET request to the affected endpoint. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000014 CVSS:6.8
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator. (Last Update:2018-02-07) (Publish Update:2018-01-23)
CVE-2018-1000013 CVSS:6.8
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. (Last Update:2018-02-07) (Publish Update:2018-01-23)
CVE-2018-7219 CVSS:0.0
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. (Last Update:2018-02-19) (Publish Update:2018-02-19)
CVE-2018-7216 CVSS:0.0
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/ in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens. (Last Update:2018-02-18) (Publish Update:2018-02-18)
CVE-2018-7176 CVSS:0.0
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). (Last Update:2018-02-18) (Publish Update:2018-02-15)
CVE-2018-6888 CVSS:0.0
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical Cross Site Request Forgery flaw: using a forged HTTP request, a malicious user can lead a user to unknowingly create, delete or modify a user account due to the lack of an anti-CSRF token. (Last Update:2018-02-11) (Publish Update:2018-02-11)
CVE-2018-6656 CVSS:0.0
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. (Last Update:2018-02-06) (Publish Update:2018-02-06)
CVE-2018-6467 CVSS:0.0
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. (Last Update:2018-02-06) (Publish Update:2018-02-06)
CVE-2018-6408 CVSS:0.0
An issue was discovered on Conceptronic CIPCAMPTIWL V3 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. (Last Update:2018-01-30) (Publish Update:2018-01-30)