Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27633 | 1 Pixelgrade | 1 Customify | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions. | |||||
| CVE-2021-21641 | 1 Jenkins | 1 Promoted Builds | 2023-11-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. | |||||
| CVE-2021-21644 | 1 Jenkins | 1 Config File Provider | 2023-11-30 | 5.8 MEDIUM | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | |||||
| CVE-2021-21652 | 1 Jenkins | 1 Xray - Test Management For Jira | 2023-11-30 | 5.8 MEDIUM | 7.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2021-21633 | 1 Jenkins | 1 Owasp Dependency-track | 2023-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | |||||
| CVE-2021-21638 | 1 Jenkins | 1 Team Foundation Server | 2023-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-20619 | 1 Jenkins | 1 Bitbucket Branch Source | 2023-11-30 | 5.8 MEDIUM | 7.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-27204 | 1 Jenkins | 1 Extended Choice Parameter | 2023-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2022-23111 | 1 Jenkins | 1 Publish Over Ssh | 2023-11-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-23115 | 1 Jenkins | 1 Batch Task | 2023-11-30 | 5.8 MEDIUM | 5.4 MEDIUM |
| Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task. | |||||
| CVE-2023-27461 | 1 Yoohooplugins | 1 When Last Login | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions. | |||||
| CVE-2023-38885 | 1 Os4ed | 1 Opensis | 2023-11-30 | N/A | 8.8 HIGH |
| OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request. | |||||
| CVE-2023-2447 | 1 Userproplugin | 1 Userpro | 2023-11-30 | N/A | 6.1 MEDIUM |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-32514 | 1 Himanshuparashar | 1 Google Site Verification Plugin Using Meta Tag | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2. | |||||
| CVE-2023-32504 | 1 Kaine | 1 Wise Chat | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3. | |||||
| CVE-2023-32245 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8. | |||||
| CVE-2023-31089 | 1 Webternsolutions | 1 Video Xml Sitemap Generator | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator.This issue affects Video XML Sitemap Generator: from n/a through 1.0.0. | |||||
| CVE-2023-31075 | 1 Ciphercoin | 1 Easy Hide Login | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8. | |||||
| CVE-2023-28780 | 1 Yoast | 1 Yoast Local Seo | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8. | |||||
| CVE-2023-41792 | 1 Artica | 1 Pandora Fms | 2023-11-29 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773. | |||||