Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47132 | 1 Creativeitem | 1 Academy Lms | 2023-02-09 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | |||||
| CVE-2023-0642 | 1 Squidex.io | 1 Squidex | 2023-02-09 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. | |||||
| CVE-2021-21395 | 1 Openmage | 1 Magento | 2023-02-07 | N/A | 4.3 MEDIUM |
| Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds. | |||||
| CVE-2022-32516 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-02-07 | N/A | 6.5 MEDIUM |
| A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions) | |||||
| CVE-2021-24905 | 1 Vsourz | 1 Advanced Cf7 Db | 2023-02-06 | 6.0 MEDIUM | 8.0 HIGH |
| The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users. | |||||
| CVE-2019-17675 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | |||||
| CVE-2020-36389 | 1 Civicrm | 1 Civicrm | 2023-02-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. | |||||
| CVE-2021-24467 | 1 Leaflet Map Project | 1 Leaflet Map | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being used, or using malicious attributions which will be executed in all page with an embed map from the plugin | |||||
| CVE-2022-22808 | 1 Schneider-electric | 14 Hmibscea53d1edb, Hmibscea53d1edb Firmware, Hmibscea53d1edl and 11 more | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) | |||||
| CVE-2014-9129 | 1 Cminds | 1 Cm Download Manager | 2023-02-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. | |||||
| CVE-2019-10186 | 1 Moodle | 1 Moodle | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | |||||
| CVE-2019-19833 | 1 Tautulli | 1 Tautulli | 2023-02-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area). | |||||
| CVE-2019-14304 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| Ricoh SP C250DN 1.06 devices allow CSRF. | |||||
| CVE-2020-7991 | 1 Adive | 1 Framework | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. | |||||
| CVE-2022-28892 | 1 Mahara | 1 Mahara | 2023-01-30 | 6.8 MEDIUM | 8.8 HIGH |
| Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | |||||
| CVE-2019-4142 | 1 Ibm | 1 Cloud Private | 2023-01-30 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. | |||||
| CVE-2023-0438 | 1 Modoboa | 1 Modoboa | 2023-01-30 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2023-0406 | 1 Modoboa | 1 Modoboa | 2023-01-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2023-0398 | 1 Modoboa | 1 Modoboa | 2023-01-27 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2018-18773 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 6.8 MEDIUM | 8.8 HIGH |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | |||||