Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23993 | 1 Lionscripts | 1 Ip Blocker Lite | 2023-07-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions. | |||||
| CVE-2023-23897 | 1 Ozette | 1 Simple Mobile Url Redirect | 2023-07-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions. | |||||
| CVE-2023-23869 | 1 Digitalinspiration | 1 Google Xml Sitemap For Mobile | 2023-07-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions. | |||||
| CVE-2023-23804 | 1 Hasthemes | 1 Ht Feed | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions. | |||||
| CVE-2023-23787 | 1 Premmerce | 1 Redirect Manager | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | |||||
| CVE-2023-22695 | 1 Wpgogo | 1 Custom Field Template | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions. | |||||
| CVE-2023-22694 | 1 Bigcontact Contact Page Project | 1 Bigcontact Contact Page | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions. | |||||
| CVE-2022-41263 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-07-11 | N/A | 4.3 MEDIUM |
| Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. | |||||
| CVE-2023-30607 | 1 Icinga | 1 Icinga Web Jira Integration | 2023-07-11 | N/A | 8.8 HIGH |
| icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds. | |||||
| CVE-2023-37131 | 1 Yzncms | 1 Yzncms | 2023-07-11 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request. | |||||
| CVE-2022-2353 | 1 Microweber | 1 Microweber | 2023-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. | |||||
| CVE-2020-18409 | 1 Catfishcms Project | 1 Catfishcms | 2023-07-06 | N/A | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. | |||||
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2023-07-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | |||||
| CVE-2023-2533 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2023-07-06 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. | |||||
| CVE-2023-27073 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-07-05 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. | |||||
| CVE-2020-18416 | 1 Jyuu | 1 Jymusic | 2023-07-05 | N/A | 6.8 MEDIUM |
| A cross site request forgery (CSRF) vulnerability was discovered in Jymusic v2.0.0 that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. | |||||
| CVE-2020-18418 | 1 Feifeicms | 1 Feifeicms | 2023-07-05 | N/A | 8.8 HIGH |
| A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | |||||
| CVE-2023-34839 | 1 Issabel | 1 Pbx | 2023-07-03 | N/A | 6.8 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application. | |||||
| CVE-2022-2377 | 1 Wpwax | 1 Directorist | 2023-06-30 | N/A | 4.3 MEDIUM |
| The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog. | |||||
| CVE-2022-2382 | 1 Shapedplugin | 1 Product Slider For Woocommerce | 2023-06-30 | N/A | 4.3 MEDIUM |
| The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options. | |||||
