Total: 5731 CVEs (the 20 most recently updated are listed below)
| CVE | Vendor | Product | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-48309 | Sophos | Connect | 2023-03-09 | N/A | 4.3 MEDIUM | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2019-15150 | Schine.games | Mw-oauth2client | 2023-03-08 | 6.8 MEDIUM | 8.8 HIGH | In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists because the OAuth2 `state` parameter is not checked in the callback function. |
| CVE-2019-13516 | Osisoft | Pi Web Api | 2023-03-08 | 6.8 MEDIUM | 8.8 HIGH | In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack because a cross-site request forgery protection setting has not taken effect. |
| CVE-2023-1033 | Froxlor | Froxlor | 2023-03-07 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) in the GitHub repository froxlor/froxlor prior to 2.0.11. |
| CVE-2023-27295 | Opencats | Opencats | 2023-03-04 | N/A | 5.4 MEDIUM | Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that, when visited, issues requests in an authenticated user's session via JavaScript. |
| CVE-2021-34167 | Taogogo | Taocms | 2023-03-03 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. |
| CVE-2022-48320 | Tribe29 | Checkmk | 2023-03-02 | N/A | 4.3 MEDIUM | Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to add new visual elements to multiple pages. |
| CVE-2016-10884 | Simple-membership-plugin | Simple Membership | 2023-03-01 | 6.8 MEDIUM | 8.8 HIGH | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. |
| CVE-2016-15005 | Golf Project | Golf | 2023-02-28 | N/A | 8.8 HIGH | CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict token values and bypass CSRF protection with relatively few requests. |
| CVE-2019-13364 | Piwigo | Piwigo | 2023-02-28 | 6.8 MEDIUM | 9.6 CRITICAL | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. |
| CVE-2019-13363 | Piwigo | Piwigo | 2023-02-28 | 6.8 MEDIUM | 9.6 CRITICAL | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. |
| CVE-2022-4138 | Gitlab | Gitlab | 2023-02-27 | N/A | 8.1 HIGH | A Cross-Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. |
| CVE-2019-11557 | Web-dorado | Wp Form Builder | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH | The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because the $_POST['action'] value and the $_GET['action'] value can differ and the latter is unsanitized. |
| CVE-2019-11591 | Web-dorado | Contact Form | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH | The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because the $_POST['action'] value and the $_GET['action'] value can differ and the latter is unsanitized. |
| CVE-2016-10874 | Wpseeds | Wp Database Backup | 2023-02-24 | 6.8 MEDIUM | 8.8 HIGH | The wp-database-backup plugin before 4.3.3 for WordPress has a CSRF vulnerability. |
| CVE-2019-14683 | Codection | Import Users From Csv With Meta | 2023-02-24 | 4.9 MEDIUM | 5.7 MEDIUM | The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows CSRF against wp-admin/admin-ajax.php?action=acui_delete_attachment. |
| CVE-2019-14680 | Mijnpress | Admin-renamer-extended | 2023-02-24 | 3.5 LOW | 5.7 MEDIUM | The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows CSRF against wp-admin/plugins.php?page=admin-renamer-extended/admin.php. |
| CVE-2019-12239 | Wpbookingsystem | Wp Booking System | 2023-02-24 | 6.5 MEDIUM | 7.2 HIGH | The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that otherwise require administrative access. |
| CVE-2023-23465 | Mediacp | Media Control Panel | 2023-02-24 | N/A | 8.8 HIGH | Media CP Media Control Panel (latest version at the time of the report) allows CSRF through an unspecified endpoint. |
| CVE-2016-10945 | Pagelines | Pagelines | 2023-02-23 | 6.8 MEDIUM | 8.8 HIGH | The PageLines theme 1.1.4 for WordPress allows CSRF against wp-admin/admin-post.php?page=pagelines. |
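Two of the entries above describe the same defence failing in different ways: CVE-2019-15150 (the OAuth2 `state` parameter, which is the anti-CSRF token of the authorization round trip, never compared in the callback) and CVE-2016-15005 (CSRF tokens drawn from Go's math/rand, so an attacker who recovers the seed can regenerate them). The following Go program is an added example written for this page; it is not code from the MediaWiki extension, the Golf project, or any other product listed, and it assumes an in-memory `Session` struct, a hypothetical provider endpoint `https://idp.example/authorize`, and a constructed attacker-supplied callback query. It shows the predictable-token problem with a seed collision, the unchecked-state callback beside a hardened one that compares in constant time and burns the state on first use, and applies equally to the plain synchronizer tokens the OpenCATS and WordPress entries are missing.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	mrand "math/rand"
	"net/url"
)

// Session stands in for a server-side session record keyed by the session cookie.
// In a real application this lives in the session store; here it is an in-memory struct (assumption).
type Session struct {
	OAuthState string // pending anti-CSRF state for the OAuth2 authorization round trip
}

// weakToken reproduces the flawed pattern: a token drawn from math/rand.
// The stream is a pure function of the seed, so anyone who learns or
// brute-forces the seed can regenerate every token the server has issued.
func weakToken(r *mrand.Rand) string {
	b := make([]byte, 16)
	r.Read(b) // math/rand's Read never returns a non-nil error
	return base64.RawURLEncoding.EncodeToString(b)
}

// strongToken draws 32 bytes from the operating system's CSPRNG via crypto/rand.
func strongToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// weakTokensCollide shows why math/rand is unusable for CSRF tokens: two
// generators started from the same seed emit identical "random" tokens.
func weakTokensCollide(seed int64) bool {
	a := weakToken(mrand.New(mrand.NewSource(seed)))
	b := weakToken(mrand.New(mrand.NewSource(seed)))
	return a == b
}

// beginOAuth mints a fresh state value, stores it in the session and builds
// the authorization redirect. authorizeURL is the provider's endpoint (assumed).
func beginOAuth(s *Session, authorizeURL string) (string, error) {
	st, err := strongToken()
	if err != nil {
		return "", err
	}
	s.OAuthState = st
	q := url.Values{"response_type": {"code"}, "state": {st}}
	return authorizeURL + "?" + q.Encode(), nil
}

// vulnerableCallback mirrors the bug class of CVE-2019-15150: the callback
// trusts whatever code arrives and never compares state, so a link crafted by
// an attacker binds the attacker's authorization code to the victim's session.
func vulnerableCallback(s *Session, query url.Values) (string, error) {
	code := query.Get("code")
	if code == "" {
		return "", errors.New("missing code")
	}
	return code, nil
}

// hardenedCallback requires the state echoed by the provider to match the one
// stored in this session, compares in constant time, and burns it on first use
// so a captured callback URL cannot be replayed.
func hardenedCallback(s *Session, query url.Values) (string, error) {
	expected := s.OAuthState
	s.OAuthState = "" // single-use: cleared whether or not the check passes
	got := query.Get("state")
	if expected == "" || got == "" ||
		subtle.ConstantTimeCompare([]byte(got), []byte(expected)) != 1 {
		return "", errors.New("state mismatch: rejecting possible CSRF")
	}
	code := query.Get("code")
	if code == "" {
		return "", errors.New("missing code")
	}
	return code, nil
}

func main() {
	fmt.Println("math/rand tokens collide for the same seed:", weakTokensCollide(1))

	victim := &Session{}
	redirect, _ := beginOAuth(victim, "https://idp.example/authorize")
	fmt.Println("redirect:", redirect)

	// Constructed attacker-supplied callback: a code for the attacker's account and no state.
	forged := url.Values{"code": {"attacker-code"}}
	code, err := vulnerableCallback(victim, forged)
	fmt.Println("vulnerable callback accepted:", code, err)
	_, err = hardenedCallback(victim, forged)
	fmt.Println("hardened callback rejected:", err)
}
```

The same three properties (CSPRNG source, per-session binding with a constant-time compare, single use) are what a form-based synchronizer token needs; the only OAuth-specific part is that the token travels through the provider as `state` rather than in a hidden form field.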
