Total: 7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22695 | 1 Wpgogo | 1 Custom Field Template | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions. | |||||
| CVE-2023-22694 | 1 Bigcontact Contact Page Project | 1 Bigcontact Contact Page | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions. | |||||
| CVE-2022-41263 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-07-11 | N/A | 4.3 MEDIUM |
| Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. | |||||
| CVE-2023-30607 | 1 Icinga | 1 Icinga Web Jira Integration | 2023-07-11 | N/A | 8.8 HIGH |
| icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds. | |||||
| CVE-2023-37131 | 1 Yzncms | 1 Yzncms | 2023-07-11 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request. | |||||
| CVE-2022-2353 | 1 Microweber | 1 Microweber | 2023-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. | |||||
| CVE-2020-18409 | 1 Catfishcms Project | 1 Catfishcms | 2023-07-06 | N/A | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. | |||||
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2023-07-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | |||||
| CVE-2020-18416 | 1 Jyuu | 1 Jymusic | 2023-07-05 | N/A | 6.8 MEDIUM |
| A cross site request forgery (CSRF) vulnerability was discovered in Jymusic v2.0.0, that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. | |||||
| CVE-2020-18418 | 1 Feifeicms | 1 Feifeicms | 2023-07-05 | N/A | 8.8 HIGH |
| A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | |||||
| CVE-2023-34839 | 1 Issabel | 1 Pbx | 2023-07-03 | N/A | 6.8 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application. | |||||
| CVE-2022-2377 | 1 Wpwax | 1 Directorist | 2023-06-30 | N/A | 4.3 MEDIUM |
| The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog. | |||||
| CVE-2022-2382 | 1 Shapedplugin | 1 Product Slider For Woocommerce | 2023-06-30 | N/A | 4.3 MEDIUM |
| The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated users, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options. | |||||
| CVE-2023-1722 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-06-30 | N/A | 8.8 HIGH |
| Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | |||||
| CVE-2023-34927 | 1 Casbin | 1 Casdoor | 2023-06-28 | N/A | 6.5 MEDIUM |
| Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL. | |||||
| CVE-2022-3372 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2023-06-28 | N/A | 8.8 HIGH |
| There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations. | |||||
| CVE-2023-34028 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Manager Professional | 2023-06-28 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. | |||||
| CVE-2023-32960 | 1 Updraftplus | 1 Updraftplus | 2023-06-28 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). | |||||
| CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2023-06-28 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | |||||
| CVE-2023-23795 | 1 Web-settler | 1 Form Builder | 2023-06-28 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. | |||||
