Total
6247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40331 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup | ||||
| CVE-2024-39680 | 1 Boxystudio | 1 Cooked | 2024-08-02 | 5.4 Medium |
| Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-39681 | 1 Boxystudio | 1 Cooked | 2024-08-02 | 5.4 Medium |
| Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-39678 | 1 Xjsv | 1 Cooked | 2024-08-02 | 4.3 Medium |
| Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-39679 | 1 Xjsv | 1 Cooked | 2024-08-02 | 4.3 Medium |
| Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-39326 | 1 Nsa | 1 Skills-service | 2024-08-02 | 4.4 Medium |
| SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site request forgery (CSRF) vulnerability. Due to the endpoint being CSRFable e.g POST request, supports a content type that can be exploited (multipart file upload), makes a state change and has no CSRF mitigations in place (samesite flag, CSRF token). It is possible to perform a CSRF attack against a logged in admin account, allowing an attacker that can target a logged in admin of Skills Service to modify the videos, captions, and text of the skill. Version 2.12.6 contains a patch for this issue. | ||||
| CVE-2024-39155 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 6.8 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add. | ||||
| CVE-2024-39154 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN. | ||||
| CVE-2024-39157 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 3.8 Low |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. | ||||
| CVE-2024-39119 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 5.4 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close. | ||||
| CVE-2024-39063 | 1 Limesurvey | 1 Limesurvey | 2024-08-02 | 8.8 High |
| Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests. | ||||
| CVE-2024-39156 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 3.8 Low |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. | ||||
| CVE-2024-39022 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal | ||||
| CVE-2024-39153 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 4.7 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. | ||||
| CVE-2024-39020 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 6.3 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close | ||||
| CVE-2024-39090 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-02 | 6.1 Medium |
| The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. | ||||
| CVE-2024-39023 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close | ||||
| CVE-2024-39019 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 5.4 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del | ||||
| CVE-2024-38457 | 1 Xenforo | 1 Xenforo | 2024-08-02 | 8.8 High |
| Xenforo before 2.2.16 allows CSRF. | ||||
| CVE-2024-38293 | 1 Alcasar | 1 Alcasar | 2024-08-02 | 9.6 Critical |
| ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. | ||||