Total
6247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9281 | 1 Bg5sbk | 1 Minicms | 2024-10-04 | 4.3 Medium |
| A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-43952 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-10-04 | 4.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0. | ||||
| CVE-2024-8458 | 2 Planet, Planet Technology Corp | 6 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 3 more | 2024-10-04 | 8.8 High |
| Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts. | ||||
| CVE-2023-7273 | 1 Kiteworks | 1 Owncloud | 2024-10-04 | 6.8 Medium |
| Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim. | ||||
| CVE-2024-42504 | 2024-10-04 | 4.3 Medium | ||
| A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow. | ||||
| CVE-2024-41987 | 2024-10-04 | N/A | ||
| The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | ||||
| CVE-2023-27632 | 1 Mmrs151 | 1 Daily Prayer Time | 2024-10-04 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. | ||||
| CVE-2023-4454 | 1 Wallabag | 1 Wallabag | 2024-10-03 | 5.7 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. | ||||
| CVE-2023-4455 | 1 Wallabag | 1 Wallabag | 2024-10-03 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. | ||||
| CVE-2024-45372 | 1 Planex | 2 Mzk-dp300n, Mzk-dp300n Firmware | 2024-10-03 | 6.5 Medium |
| MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. | ||||
| CVE-2023-40572 | 1 Xwiki | 1 Xwiki | 2024-10-02 | 9.1 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. | ||||
| CVE-2024-20414 | 1 Cisco | 2 Ios, Ios Xe | 2024-10-02 | 6.5 Medium |
| A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device. | ||||
| CVE-2024-8476 | 1 Wpplugin | 1 Easy Paypal Events | 2024-10-02 | 4.3 Medium |
| The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-47305 | 1 Dineshkarki | 1 Use Any Font | 2024-10-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08. | ||||
| CVE-2023-40172 | 1 Fobybus | 1 Social-media-skeleton | 2024-10-02 | 6.5 Medium |
| Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-47082 | 1 Strawberryrocks | 1 Strawberry | 2024-10-01 | 4.6 Medium |
| Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable CSRF preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In affect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` including a patch. | ||||
| CVE-2023-3356 | 1 Kreci | 1 Subscribers Text Counter | 2024-10-01 | 4.3 Medium |
| The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | ||||
| CVE-2023-4301 | 1 Jenkins | 1 Fortify | 2024-10-01 | 4.2 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-32245 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-10-01 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8. | ||||
| CVE-2023-39925 | 1 Peepso | 1 Peepso | 2024-10-01 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions. | ||||