Total: 1927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8976 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2023-11-20 | N/A | 8.8 HIGH |
| The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request. | |||||
| CVE-2023-48021 | 1 Iteachyou | 1 Dreamer Cms | 2023-11-18 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. | |||||
| CVE-2023-48020 | 1 Iteachyou | 1 Dreamer Cms | 2023-11-17 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. | |||||
| CVE-2023-39412 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-47230 | 1 Cimatti | 1 Wordpress Contact Forms | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. | |||||
| CVE-2023-34384 | 1 Kebo Twitter Feed Project | 1 Kebo Twitter Feed | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions. | |||||
| CVE-2023-28173 | 1 Digitalinspiration | 1 Google Xml Sitemap For Images | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. | |||||
| CVE-2023-29238 | 1 Whydonate | 1 Wp Whydonate | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions. | |||||
| CVE-2023-48060 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-16 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add | |||||
| CVE-2023-48058 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-16 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run | |||||
| CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | |||||
| CVE-2023-46777 | 1 Featherplugins | 1 Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha plugin <= 1.1.3 versions. | |||||
| CVE-2023-27441 | 1 New Adman Project | 1 New Adman | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. | |||||
| CVE-2023-28497 | 1 Tribulant | 1 Slideshow Gallery | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. | |||||
| CVE-2023-34031 | 1 Casier | 1 Bbpress Toolkit | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions. | |||||
| CVE-2023-32502 | 1 Cyberwire | 1 Pro Mime Types | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions. | |||||
| CVE-2023-47238 | 1 Webberzone | 1 Top 10 | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions. | |||||
| CVE-2023-34171 | 1 Esiteq | 1 Wp Report Post | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. | |||||
| CVE-2023-46242 | 1 Xwiki | 1 Xwiki | 2023-11-14 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute content with the rights of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-47182 | 1 Nazmulhossainnihal | 1 Login Screen Manager | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. | |||||
| CVE-2023-46775 | 1 Zixn | 1 Original Texts Yandex Webmaster | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions. | |||||
| CVE-2021-43137 | 1 Phpgurukul | 1 Hostel Management System | 2023-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities exist in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. | |||||
| CVE-2023-46779 | 1 Easyrecipe Project | 1 Easyrecipe | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions. | |||||
| CVE-2023-46776 | 1 Josie | 1 Auto Excerpt Everywhere | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions. | |||||
| CVE-2023-46781 | 1 Rolandmurg | 1 Current Menu Item For Custom Post Types | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions. | |||||
| CVE-2023-46778 | 1 Thefreewindows | 1 Auto Limit Posts Reloaded | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions. | |||||
| CVE-2023-47186 | 1 Kadencewp | 1 Kadence Woocommerce Email Designer | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions. | |||||
| CVE-2023-46780 | 1 Altersoftware | 1 Alter | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions. | |||||
| CVE-2023-5823 | 1 Themekraft | 1 Tk Google Fonts Gdpr Compliant | 2023-11-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions. | |||||
| CVE-2022-29450 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2023-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | |||||
| CVE-2023-42027 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2023-11-09 | N/A | 8.8 HIGH |
| IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. | |||||
| CVE-2019-9062 | 1 Phpscriptsmall | 1 Online Food Ordering Script | 2023-11-09 | 6.0 MEDIUM | 8.0 HIGH |
| PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | |||||
| CVE-2023-23473 | 1 Ibm | 1 Infosphere Information Server | 2023-08-29 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. | |||||
| CVE-2023-40172 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-23 | N/A | 8.8 HIGH |
| Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-31452 | 1 Paessler | 1 Prtg Network Monitor | 2023-08-22 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||||
| CVE-2023-40336 | 1 Jenkins | 1 Folders | 2023-08-22 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. | |||||
| CVE-2023-40341 | 1 Jenkins | 1 Blue Ocean | 2023-08-18 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. | |||||
| CVE-2020-24922 | 1 Xuxueli | 1 Xxl-job | 2023-08-17 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file. | |||||
| CVE-2020-23595 | 1 Yzmcms | 1 Yzmcms | 2023-08-17 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. | |||||
| CVE-2023-2330 | 1 Gsheetconnector | 1 Caldera Forms Google Sheets Connector | 2023-08-16 | N/A | 8.8 HIGH |
| The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. | |||||
| CVE-2023-4276 | 1 Johnkolbert | 1 Absolute Privacy | 2023-08-15 | N/A | 8.8 HIGH |
| The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2019-1713 | 1 Cisco | 13 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 10 more | 2023-08-15 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. | |||||
| CVE-2023-38348 | 1 Lw-systems | 1 Benno Mailarchiv | 2023-08-11 | N/A | 8.8 HIGH |
| A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. | |||||
| CVE-2023-38759 | 1 Wger | 1 Workout Manager | 2023-08-11 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | |||||
| CVE-2021-27885 | 1 E107 | 1 E107 | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | |||||
| CVE-2023-2329 | 1 Gsheetconnector | 1 Woocommerce Google Sheet Connector | 2023-08-08 | N/A | 8.8 HIGH |
| The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. | |||||
| CVE-2022-43710 | 1 Gxsoftware | 1 Xperiencentral | 2023-08-04 | N/A | 8.8 HIGH |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | |||||
| CVE-2023-33534 | 1 Sztozed | 2 Zlt S10g, Zlt S10g Firmware | 2023-08-04 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process. | |||||
| CVE-2023-38512 | 1 Wpstream | 1 Wpstream | 2023-08-02 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions. | |||||
| CVE-2022-0229 | 1 Miniorange | 1 Google Authenticator | 2023-08-02 | 5.8 MEDIUM | 8.1 HIGH |
| The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. | |||||
