Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0515 | 1 Craterapp | 1 Crater | 2022-03-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. | |||||
| CVE-2022-0681 | 1 Simple-membership-plugin | 1 Simple Membership | 2022-03-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack | |||||
| CVE-2022-0616 | 1 Tms-outsource | 1 Amelia | 2022-03-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack | |||||
| CVE-2022-24235 | 1 Snapt | 1 Aria | 2022-03-28 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | |||||
| CVE-2019-20401 | 1 Atlassian | 1 Jira Server | 2022-03-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. | |||||
| CVE-2019-11586 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-8447 | 1 Atlassian | 1 Jira Server | 2022-03-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-11588 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-11587 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | |||||
| CVE-2021-24668 | 1 Feataholic | 1 Maz Loader | 2022-03-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack | |||||
| CVE-2022-22348 | 1 Ibm | 1 Spectrum Protect Operations Center | 2022-03-22 | 3.5 LOW | 2.4 LOW |
| IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. | |||||
| CVE-2022-22346 | 1 Ibm | 1 Spectrum Protect Operations Center | 2022-03-22 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. | |||||
| CVE-2021-45886 | 1 Ponton | 1 X\/p Messenger | 2022-03-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin). | |||||
| CVE-2021-25098 | 1 Fatcatapps | 1 Easy Pricing Tables | 2022-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash | |||||
| CVE-2022-0445 | 1 Devowl | 1 Wordpress Real Cookie Banner | 2022-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack | |||||
| CVE-2020-18326 | 1 Intelliants | 1 Subrion Cms | 2022-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | |||||
| CVE-2022-23052 | 1 Petereport Project | 1 Petereport | 2022-03-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. | |||||
| CVE-2021-44321 | 1 Mini-inventory-and-sales-management-system Project | 1 Mini-inventory-and-sales-management-system | 2022-03-10 | 4.3 MEDIUM | 5.0 MEDIUM |
| Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. | |||||
| CVE-2022-24712 | 1 Codeigniter | 1 Codeigniter | 2022-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. | |||||
| CVE-2021-25081 | 1 Wpgooglemap | 1 Wp Google Map | 2022-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack | |||||