Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44312 | 1 Firmware Analysis And Comparison Tool Project | 1 Firmware Analysis And Comparison Tool | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. | |||||
| CVE-2022-27432 | 1 Pluck-cms | 1 Pluck | 2022-04-05 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. | |||||
| CVE-2022-0499 | 1 Sermon Browser Project | 1 Sermon Browser | 2022-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. | |||||
| CVE-2022-0427 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover | |||||
| CVE-2022-0770 | 1 Gtranslate | 1 Translate Wordpress With Gtranslate | 2022-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page | |||||
| CVE-2021-26071 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2022-03-30 | 3.5 LOW | 3.5 LOW |
| The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-20098 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | |||||
| CVE-2019-20100 | 1 Atlassian | 3 Jira, Jira Data Center, Jira Server | 2022-03-30 | 4.3 MEDIUM | 4.7 MEDIUM |
| The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | |||||
| CVE-2019-20099 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | |||||
| CVE-2019-20405 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-20411 | 1 Atlassian | 3 Jira, Jira Data Center, Jira Server | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | |||||
| CVE-2019-20415 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | |||||
| CVE-2022-25523 | 1 Typesettercms | 1 Typesetter | 2022-03-29 | 6.8 MEDIUM | 8.8 HIGH |
| TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | |||||
| CVE-2022-25576 | 1 Anchorcms | 1 Anchor Cms | 2022-03-29 | 3.5 LOW | 4.5 MEDIUM |
| Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. | |||||
| CVE-2022-25268 | 1 Passwork | 1 Passwork | 2022-03-29 | 6.8 MEDIUM | 8.8 HIGH |
| Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | |||||
| CVE-2021-40662 | 1 Chamilo | 1 Chamilo | 2022-03-29 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | |||||
| CVE-2021-43738 | 1 Xiaohuanxiong Cms Project | 1 Xiaohuanxiong Cms | 2022-03-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account. | |||||
| CVE-2021-43737 | 1 Xiaohuanxiong Project | 1 Xiaohuanxiong Cms | 2022-03-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password. | |||||
| CVE-2022-25608 | 1 Yooslider | 1 Yoo Slider | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | |||||
| CVE-2022-27226 | 1 Irz | 10 Rl01, Rl01 Firmware, Rl21 and 7 more | 2022-03-28 | 9.3 HIGH | 8.8 HIGH |
| A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. | |||||