Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23593 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 6.5 MEDIUM |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to enable syslog mode through '/mgm_log_cfg.asp'. The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port. | |||||
| CVE-2020-23585 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 8.8 HIGH |
| A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for "mgm_config_file.asp", because of which an attacker can create a crafted "csrf form" which sends "malicious xml data" to "/boaform/admin/formMgmConfigUpload". The exploit allows the attacker to "gain full privileges" and to "fully compromise of router & network". | |||||
| CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2022-11-23 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | |||||
| CVE-2020-23582 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 6.5 MEDIUM |
| A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. | |||||
| CVE-2022-41634 | 1 Maxfoundry | 1 Media Library Folders | 2022-11-23 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. | |||||
| CVE-2022-44740 | 1 Constantcontact | 1 Creative Mail | 2022-11-23 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
| CVE-2022-41685 | 1 Visztpeter | 2 Integration For Szamlazz.hu & Woocommerce, Package Points And Shipping Labels For Woocommerce | 2022-11-23 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. | |||||
| CVE-2022-45073 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2022-11-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | |||||
| CVE-2022-45071 | 1 Wpml | 1 Wpml | 2022-11-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | |||||
| CVE-2022-45072 | 1 Wpml | 1 Wpml | 2022-11-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | |||||
| CVE-2022-40192 | 1 Gvectors | 1 Wpforo Forum | 2022-11-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | |||||
| CVE-2022-38075 | 1 Webartesanal | 1 Mantenimiento Web | 2022-11-21 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | |||||
| CVE-2022-40686 | 1 Constantcontact | 1 Creative Mail | 2022-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
| CVE-2022-40695 | 1 Clogica | 1 Seo Redirection | 2022-11-21 | N/A | 8.8 HIGH |
| Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. | |||||
| CVE-2022-41805 | 1 Booster | 1 Booster For Woocommerce | 2022-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. | |||||
| CVE-2022-40687 | 1 Constantcontact | 1 Creative Mail | 2022-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
| CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2022-11-17 | N/A | 8.8 HIGH |
| Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. | |||||
| CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2022-11-17 | N/A | 8.8 HIGH |
| Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | |||||
| CVE-2019-15062 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-11-17 | 6.0 MEDIUM | 8.0 HIGH |
| An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.) | |||||
| CVE-2020-11825 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-11-17 | 6.8 MEDIUM | 8.8 HIGH |
| In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation. | |||||
