Total: 6248 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-25832 | 1 Esri | 1 Portal For Arcgis | 2024-08-02 | 8.8 High |
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. | ||||
CVE-2023-25767 | 1 Jenkins | 1 Azure Credentials | 2024-08-02 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | ||||
CVE-2023-25707 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine & Pms | 2024-08-02 | 6.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions. | ||||
CVE-2023-25709 | 1 Plainware | 1 Locatoraid | 2024-08-02 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions. | ||||
CVE-2023-25697 | 1 Gamipress | 1 Gamipress | 2024-08-02 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 2.5.6. | ||||
CVE-2023-25698 | 1 Studiowombat | 1 Shoppable Images | 2024-08-02 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions. | ||||
CVE-2023-25569 | 1 Apolloconfig | 1 Apollo | 2024-08-02 | 5.7 Medium |
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages. | ||||
CVE-2023-25472 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-08-02 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. | ||||
CVE-2023-25411 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2024-08-02 | 4.3 Medium |
Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
CVE-2023-25448 | 1 Archivist Project | 1 Archivist | 2024-08-02 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | ||||
CVE-2023-25447 | 1 Inkthemes | 1 Colorway | 2024-08-02 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. | ||||
CVE-2023-25170 | 1 Prestashop | 1 Prestashop | 2024-08-02 | 5 Medium |
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. The problem is fixed in version 8.0.1. | ||||
CVE-2023-25065 | 1 Shapedplugin | 1 Wp Tabs | 2024-08-02 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. | ||||
CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2024-08-02 | 5.4 Medium |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
CVE-2023-25056 | 1 Slickremix | 1 Feed Them Social | 2024-08-02 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions. | ||||
CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2024-08-02 | 6.5 Medium |
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | ||||
CVE-2023-25066 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-08-02 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. | ||||
CVE-2023-24434 | 1 Jenkins | 1 Github Pull Request Builder | 2024-08-02 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2023-24447 | 1 Jenkins | 1 Rabbitmq Consumer | 2024-08-02 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | ||||
CVE-2023-24446 | 1 Jenkins | 1 Openid | 2024-08-02 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||