Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39864 | 1 Adobe | 2 Commerce, Magento Open Source | 2024-09-17 | 6.5 Medium |
| Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation. | ||||
| CVE-2011-5074 | 1 Sitracker | 1 Support Incident Tracker | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php. | ||||
| CVE-2012-1901 | 1 Flexcms | 1 Flexcms | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save. | ||||
| CVE-2022-35277 | 1 Getresponse | 1 Getresponse | 2024-09-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress. | ||||
| CVE-2018-1432 | 1 Ibm | 1 Infosphere Information Server | 2024-09-17 | N/A |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. | ||||
| CVE-2020-1977 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-09-17 | 7.5 High |
| Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. | ||||
| CVE-2022-29427 | 1 Disable Right Click For Wp Wordpress | 1 Disable Right Click For Wp | 2024-09-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. | ||||
| CVE-2021-36861 | 1 Starfish | 1 Rich Review | 2024-09-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. | ||||
| CVE-2021-38342 | 1 Kylephillips | 1 Nested Pages | 2024-09-17 | 8.1 High |
| The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | ||||
| CVE-2022-40192 | 1 Gvectors | 1 Wpforo Forum | 2024-09-17 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | ||||
| CVE-2022-25615 | 1 Stylemixthemes | 1 Eroom - Zoom Meetings \& Webinar | 2024-09-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | ||||
| CVE-2021-41295 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-09-17 | 8.8 High |
| ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system. | ||||
| CVE-2021-39044 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-17 | 8.8 High |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210. | ||||
| CVE-2019-20415 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-17 | 4.3 Medium |
| Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | ||||
| CVE-2010-1037 | 1 Hp | 1 Systems Insight Manager | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2011-3994 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data. | ||||
| CVE-2018-10185 | 1 Tuzicms | 1 Tuzicms | 2024-09-17 | N/A |
| An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call. | ||||
| CVE-2022-41136 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-09-17 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | ||||
| CVE-2018-20613 | 1 Temmoku Project | 1 Temmoku | 2024-09-17 | N/A |
| TEMMOKU T1.09 Beta allows admin/user/add CSRF. | ||||
| CVE-2016-2965 | 1 Ibm | 1 Sametime | 2024-09-17 | N/A |
| IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | ||||