Total
6289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36224 | 1 Xunruicms | 1 Xunruicms | 2024-08-03 | 8.8 High |
| XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2022-36095 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 4.3 Medium |
| XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there. | ||||
| CVE-2022-36076 | 1 Nodebb | 1 Nodebb | 2024-08-03 | 8.8 High |
| NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. | ||||
| CVE-2022-35943 | 1 Codeigniter | 2 Codeigniter, Shield | 2024-08-03 | 5.9 Medium |
| Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match) | ||||
| CVE-2022-35730 | 1 Oceanwp | 1 Sticky Header | 2024-08-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress. | ||||
| CVE-2022-35656 | 1 Pega | 1 Pega Platform | 2024-08-03 | 4.5 Medium |
| Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | ||||
| CVE-2022-35611 | 1 Bevywise | 1 Mqttroute | 2024-08-03 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | ||||
| CVE-2022-35613 | 1 Konker | 1 Konker Platform | 2024-08-03 | 8.8 High |
| Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-35638 | 1 Ibm | 1 Sterling B2b Integrator | 2024-08-03 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824. | ||||
| CVE-2022-35228 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-03 | 8.8 High |
| SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. | ||||
| CVE-2022-35196 | 1 Testlink | 1 Testlink | 2024-08-03 | 8.8 High |
| TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. | ||||
| CVE-2022-34937 | 1 Yuba | 1 U5cms | 2024-08-03 | 8.8 High |
| Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | ||||
| CVE-2022-34812 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | ||||
| CVE-2022-34789 | 1 Jenkins | 1 Matrix Reloaded | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | ||||
| CVE-2022-34815 | 1 Jenkins | 1 Request Rename Or Delete | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | ||||
| CVE-2022-34797 | 1 Jenkins | 1 Deployment Dashboard | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
| CVE-2022-34780 | 1 Jenkins | 1 Xebialabs Xl Release | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-34792 | 1 Jenkins | 1 Recipe | 2024-08-03 | 8.0 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
| CVE-2022-34817 | 1 Jenkins | 1 Failed Job Deactivator | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | ||||
| CVE-2022-34448 | 1 Dell | 1 Powerpath Management Appliance | 2024-08-03 | 8.8 High |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. | ||||