Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-0374 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-10 | N/A | 4.3 MEDIUM | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-0373 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-10 | N/A | 4.3 MEDIUM | The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-23831 | 1 Ledgersmb | 1 Ledgersmb | 2024-02-10 | N/A | 7.5 HIGH | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.
CVE-2009-3759 | 1 Citrix | 1 Xencenterweb | 2024-02-08 | 6.0 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3520 | 1 Cmsphp Project | 1 Cmsphp | 2024-02-08 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.
CVE-2004-1995 | 1 Fusetalk | 1 Fusetalk | 2024-02-08 | 7.5 HIGH | 6.5 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.
CVE-2004-1703 | 1 Fusionphp | 1 Fusion News | 2024-02-08 | 7.5 HIGH | 8.8 HIGH | Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
CVE-2004-1842 | 1 Phpnuke | 1 Php-nuke | 2024-02-08 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
CVE-2004-1967 | 1 Openbb | 1 Openbb | 2024-02-08 | 7.5 HIGH | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.
CVE-2005-1947 | 1 Invisioncommunity | 1 Gallery | 2024-02-08 | 5.0 MEDIUM | 4.3 MEDIUM | Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.
CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2024-02-08 | 5.0 MEDIUM | 6.5 MEDIUM | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.
CVE-2023-20180 | 1 Cisco | 1 Webex Meetings | 2024-02-08 | N/A | 4.3 MEDIUM | A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.
CVE-2023-20221 | 1 Cisco | 46 Ip Conference Phone 7832, Ip Conference Phone 7832 With Multiplatform Firmware, Ip Conference Phone 8831 and 43 more | 2024-02-08 | N/A | 6.5 MEDIUM | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.
CVE-2024-1162 | 1 Themeisle | 1 Orbit Fox | 2024-02-08 | N/A | 4.3 MEDIUM | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-6676 | 1 Nationalkeep | 1 Cybermath | 2024-02-06 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5.
CVE-2023-47781 | 1 Thrivethemes | 1 Thrive Themes Builder | 2024-02-06 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 versions.
CVE-2024-22136 | 1 Droitthemes | 1 Droit Elementor Addons | 2024-02-05 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder. This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5.
CVE-2024-22143 | 1 Wpspellcheck | 1 Wpspellcheck | 2024-02-03 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check. This issue affects WP Spell Check: from n/a through 9.17.
CVE-2024-22285 | 1 Elisebosse | 1 Frontpage Manager | 2024-02-03 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager. This issue affects Frontpage Manager: from n/a through 1.3.
CVE-2024-22291 | 1 Marcomilesi | 1 Browser Theme Color | 2024-02-03 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color. This issue affects Browser Theme Color: from n/a through 1.3.