Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14043 | 1 Codiad | 1 Codiad | 2022-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | |||||
| CVE-2022-43470 | 1 Fsi | 8 Fs020w, Fs020w Firmware, Fs030w and 5 more | 2022-12-06 | N/A | 7.3 HIGH |
| Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. | |||||
| CVE-2022-45674 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 6.5 MEDIUM |
| Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
| CVE-2022-45673 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 6.5 MEDIUM |
| Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | |||||
| CVE-2022-45668 | 1 Tenda | 2 I22, I22 Firmware | 2022-12-06 | N/A | 6.5 MEDIUM |
| Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
| CVE-2022-45667 | 1 Tenda | 2 I22, I22 Firmware | 2022-12-06 | N/A | 6.5 MEDIUM |
| Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | |||||
| CVE-2019-4212 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132. | |||||
| CVE-2022-40489 | 1 Thinkcmf | 1 Thinkcmf | 2022-12-02 | N/A | 8.8 HIGH |
| ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. | |||||
| CVE-2022-44937 | 1 Bosscms | 1 Bosscms | 2022-12-01 | N/A | 6.5 MEDIUM |
| Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | |||||
| CVE-2022-41925 | 1 Tailscale | 1 Tailscale | 2022-12-01 | N/A | 8.8 HIGH |
| A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue. | |||||
| CVE-2019-6561 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2022-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. | |||||
| CVE-2022-41927 | 1 Xwiki | 1 Xwiki | 2022-11-30 | N/A | 7.4 HIGH |
| XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ``` | |||||
| CVE-2020-5517 | 1 Blueonyx | 2 5209r, 5209r Firmware | 2022-11-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. | |||||
| CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2022-11-28 | N/A | 8.8 HIGH |
| An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | |||||
| CVE-2020-23592 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 8.8 HIGH |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials. | |||||
| CVE-2020-23590 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 6.5 MEDIUM |
| A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp". | |||||
| CVE-2020-23589 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 6.5 MEDIUM |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through " /mgm_dev_reboot.asp." | |||||
| CVE-2020-23588 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 4.3 MEDIUM |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp ". | |||||
| CVE-2020-23587 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 3.1 LOW |
| A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp ". | |||||
| CVE-2020-23586 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 4.3 MEDIUM |
| A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule. | |||||