The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns...
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axi...
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby ...
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentiall...
In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS version...