CSRF に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2012 年に公開され、CSRF に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2012-5992 | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283. | 6.8 | 0.59% | 2012-12-19 | 2026-04-29 |
| CVE-2012-5178 | Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. | 6.8 | 0.10% | 2012-12-19 | 2026-04-29 |
| CVE-2012-5622 | Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | 6.8 | 0.16% | 2012-12-18 | 2026-04-29 |
| CVE-2012-4608 | Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 | 0.14% | 2012-12-05 | 2026-04-29 |
| CVE-2012-5556 | Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | 6.8 | 0.15% | 2012-12-03 | 2026-04-29 |
| CVE-2012-5549 | Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.09% | 2012-12-03 | 2026-04-29 |
| CVE-2012-5547 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action. | 6.8 | 0.13% | 2012-12-03 | 2026-04-29 |
| CVE-2012-5542 | Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items." | 6.8 | 0.25% | 2012-12-03 | 2026-04-29 |
| CVE-2012-5450 | Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter. | 6.8 | 0.27% | 2012-12-03 | 2026-04-29 |
| CVE-2012-4478 | Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | 6.8 | 0.13% | 2012-11-30 | 2026-04-29 |
| CVE-2012-6047 | Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php. | 6.8 | 0.21% | 2012-11-27 | 2026-04-29 |
| CVE-2010-5285 | Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action. | 6.8 | 0.45% | 2012-11-26 | 2026-04-29 |
| CVE-2010-5283 | Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | 6.8 | 0.13% | 2012-11-26 | 2026-04-29 |
| CVE-2011-2908 | Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors. | 6.0 | 0.72% | 2012-11-23 | 2026-04-29 |
| CVE-2012-4205 | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. | 6.8 | 0.80% | 2012-11-21 | 2026-04-29 |
| CVE-2012-4943 | Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions. | 6.8 | 0.16% | 2012-11-18 | 2026-04-29 |
| CVE-2012-4935 | Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 | 0.21% | 2012-11-18 | 2026-04-29 |
| CVE-2012-5898 | Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings. | 6.8 | 0.46% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5891 | Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action. | 6.8 | 0.34% | 2012-11-17 | 2026-04-29 |
| CVE-2012-4853 | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure. | 6.8 | 0.16% | 2012-11-14 | 2026-04-29 |