CSRF に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2011 年に公開され、CSRF に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2011-5011 | Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php. | 6.8 | 0.78% | 2011-12-25 | 2026-04-29 |
| CVE-2011-3836 | Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors. | 6.8 | 0.24% | 2011-12-24 | 2026-04-29 |
| CVE-2011-4837 | Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs. | 6.8 | 0.20% | 2011-12-15 | 2026-04-29 |
| CVE-2011-3636 | Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. | 6.8 | 0.16% | 2011-12-08 | 2026-04-29 |
| CVE-2011-4498 | Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices. | 6.8 | 0.09% | 2011-11-21 | 2026-04-29 |
| CVE-2011-2773 | Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution. | 6.8 | 0.17% | 2011-11-15 | 2026-04-29 |
| CVE-2011-3994 | Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data. | 6.8 | 0.13% | 2011-11-03 | 2026-04-29 |
| CVE-2011-4005 | Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124. | 9.3 | 0.22% | 2011-11-03 | 2026-04-29 |
| CVE-2011-1364 | Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter. | 6.8 | 0.15% | 2011-10-30 | 2026-04-29 |
| CVE-2011-4173 | Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information. | 6.8 | 0.14% | 2011-10-24 | 2026-04-29 |
| CVE-2011-4140 | The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code. | 6.8 | 0.34% | 2011-10-19 | 2026-04-29 |
| CVE-2010-4881 | Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter. | 6.8 | 0.13% | 2011-10-07 | 2026-04-29 |
| CVE-2011-2191 | Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply. | 6.8 | 0.59% | 2011-10-07 | 2026-04-29 |
| CVE-2011-1911 | JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach. | 6.8 | 0.95% | 2011-09-20 | 2026-04-29 |
| CVE-2011-3381 | Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.13% | 2011-09-08 | 2026-04-29 |
| CVE-2011-1341 | Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before 4.0.4.0, and Aipo for ASP before 4.0.4.0, allows remote attackers to hijack the authentication of administrators for requests that modify data. | 6.8 | 0.17% | 2011-08-19 | 2026-04-29 |
| CVE-2011-0551 | Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | 6.8 | 0.26% | 2011-08-15 | 2026-04-29 |
| CVE-2011-2522 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. | 6.8 | 17.51% | 2011-07-29 | 2026-04-29 |
| CVE-2009-4139 | A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access. | 6.8 | 0.10% | 2011-07-27 | 2026-04-29 |
| CVE-2010-3271 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do. | 6.8 | 0.61% | 2011-07-18 | 2026-04-29 |