Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44160 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-09-28 | N/A | 6.5 MEDIUM |
| Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-40048 | 1 Progress | 1 Ws Ftp Server | 2023-09-27 | N/A | 6.5 MEDIUM |
| In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. | |||||
| CVE-2023-43278 | 1 Seacms | 1 Seacms | 2023-09-26 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. | |||||
| CVE-2023-42321 | 1 Icmsdev | 1 Icms | 2023-09-22 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. | |||||
| CVE-2023-43502 | 1 Jenkins | 1 Build Failure Analyzer | 2023-09-22 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. | |||||
| CVE-2023-43500 | 1 Jenkins | 1 Build Failure Analyzer | 2023-09-22 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
| CVE-2023-2508 | 2 Apple, Papercut | 2 Macos, Mobility Print Server | 2023-09-22 | N/A | 6.5 MEDIUM |
| The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. | |||||
| CVE-2023-40868 | 1 Moosocial | 1 Moosocial | 2023-09-19 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. | |||||
| CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2023-09-19 | N/A | 4.3 MEDIUM |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | |||||
| CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2023-09-19 | N/A | 4.3 MEDIUM |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | |||||
| CVE-2023-5036 | 1 Usememos | 1 Memos | 2023-09-19 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. | |||||
| CVE-2023-40953 | 1 Idreamsoft | 1 Icms | 2023-09-12 | N/A | 8.8 HIGH |
| icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2023-41946 | 1 Jenkins | 1 Frugal Testing | 2023-09-11 | N/A | 3.5 LOW |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username. | |||||
| CVE-2023-41942 | 1 Jenkins | 1 Aws Codecommit Trigger | 2023-09-11 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. | |||||
| CVE-2023-41938 | 1 Jenkins | 1 Ivy | 2023-09-11 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. | |||||
| CVE-2015-1391 | 1 Hp | 1 Airwave | 2023-09-08 | N/A | 8.8 HIGH |
| Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. | |||||
| CVE-2023-39372 | 1 Startrinity | 1 Softswitch | 2023-09-08 | N/A | 8.8 HIGH |
| StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352) | |||||
| CVE-2023-31174 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2023-09-05 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
| CVE-2023-40572 | 1 Xwiki | 1 Xwiki | 2023-09-01 | N/A | 8.0 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. | |||||
| CVE-2023-23473 | 1 Ibm | 1 Infosphere Information Server | 2023-08-29 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. | |||||