Przykłady dla CWE-352: Cross-Site Request Forgery (CSRF)

	Tytuł	Data	Autor
Low	Casdoor < v1.331.0 /api/set-password CSRF	14.04.2024	Van Lam Nguyen
Med.	ITFlow.org CSRF system settings change	25.02.2024	stehled
Low	ITFlow Cross Site Request Forgery	22.02.2024	stehled
Low	Grocy 4.0.2 Cross Site Request Forgery	03.02.2024	Chance Proctor
Low	TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery	29.10.2023	LiquidWorm
Med.	Urvanov Syntax Highlighter <= 2.8.33 - Highlighting Blocks Mgt via CSRF	27.10.2023	E1.CODERS
Med.	SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect	03.10.2023	Fabian Hagg
Low	PHPJabbers Vacation Rental Script 4.0 Cross Site Request Forgery	09.08.2023	Hasan Ali YILDIR
Low	WBCE CMS 1.6.1 Open Redirect & CSRF	03.07.2023	Mirabbas Ağalarov
Low	WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting	22.06.2023	Amirhossein Bahramizad...
Low	Siemens SIMATIC S7-1200 Cross Site Request Forgery	21.05.2023	RoseSecurity
Med.	WordPress Core 6.2 XSS / CSRF / Directory Traversal	17.05.2023	Jakub Zoczek
High	KODExplorer 4.49 Cross Site Request Forgery / Shell Upload	21.04.2023	Mr Empy
Low	WordPress Real Estate 7 Theme <= 3.3.4 - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities	05.03.2023	FearZzZz
Low	WordPress WoodMart Theme <= 7.1.1 - Theme License Options Change via CSRF	05.03.2023	FearZzZz
Low	WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery	01.03.2023	fearzzzz
Med.	Demanzo Matrimony 1.5 Cross Site Request Forgery	19.02.2023	indoushka
Med.	WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization	02.02.2023	Marco Wotschka
Low	Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery	11.01.2023	EgiX
High	WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls	11.01.2023	Ramuel Gall
Med.	F5 BIG-IP iControl Cross Site Request Forgery	21.11.2022	Ron Bowes
Low	WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery	15.11.2022	Julien Ahrens
Med.	Online Birth Certificate Management System 1.0 Cross Site Request Forgery	27.09.2022	Yousef Alraddadi
Low	Online Employee Leave Management System 1.0 Cross Site Request Forgery	06.09.2022	Amolo Hunters
High	WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery	06.08.2022	Marco Wotschka
Low	Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery	01.08.2022	Julien Ahrens
Med.	WordPress Plugin Blue Admin 21.06.01 Cross-Site Request Forgery (CSRF)	02.07.2022	Anonymous
Low	Marval MSM 14.19.0.12476 Cross Site Request Forgery	20.06.2022	Momen Eldawakhly
Low	PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting	22.05.2022	Rodolfo Tavares
Low	WordPress Blue Admin 21.06.01 Cross Site Request Forgery	11.05.2022	Abisheik M
Low	qdPM 9.2 Cross Site Request Forgery	07.04.2022	Chetanya Sharma
Low	WordPress Curtain 1.0.2 Cross Site Request Forgery	30.03.2022	Hassan Khan Yusufzai
Low	ICEHRM 31.0.0.0S Cross Site Request Forgery	22.03.2022	Devansh Bordia
Low	iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution	22.03.2022	Robert Willis
Low	FileCloud 21.2 Cross Site Request Forgery	23.02.2022	Masashi Fujiwara
High	Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control	17.02.2022	Stefan Viehbock
Low	WordPress International SMS For Contact Form 7 Integration 1.2 CSRF	15.02.2022	Milad Karimi
Low	Subrion CMS 4.2.1 Cross Site Request Forgery	12.02.2022	Aryan Chehreghani
High	FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery	08.02.2022	Febin Mon Saji
High	Korenix Technology JetWave CSRF / Command Injection / Missing Authentication	07.02.2022	T. Weber
Low	OpenBMCS 2.4 Cross Site Request Forgery	17.01.2022	LiquidWorm
Med.	SB Admin Cross Site Request Forgery / SQL Injection	17.01.2022	Taurus Omar
High	Arunna 1.0.0 Cross Site Request Forgery	17.12.2021	L_L
Low	Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery	16.12.2021	LiquidWorm
Low	Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting	17.11.2021	Rahad Chowdhury
Low	PHP Laravel 8.70.1 Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)	15.11.2021	Hosein Vita
Low	PHPGurukul Hostel Management System 2.1 Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)	30.10.2021	Anubhav Singh
Med.	Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting	28.10.2021	Anubhav Singh
Med.	FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Add Admin Cross-Site Request Forgery (CSRF)	29.09.2021	LiquidWorm
Low	ECOA Building Automation System multiple Cross-Site Request Forgery (CSRF)	24.09.2021	Neurogenesia
High	Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution	23.09.2021	V1n1v131r4
Low	WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery	23.09.2021	0xB9
Low	ECOA Building Automation System Cross Site Request Forgery	13.09.2021	Neurogenesia
Low	Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials	20.08.2021	T. Weber
Low	Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery	01.08.2021	LiquidWorm
High	CloverDX 5.9.0 Code Execution / Cross Site Request Forgery	30.07.2021	niebardzo
Low	Webmin 1.973 Cross Site Request Forgery	14.07.2021	Mesh3l_911
Low	b2evolution 7.2.2 Cross Site Request Forgery	02.07.2021	Alperen Ergel
Low	ICE Hrm 29.0.0.OS Account Takeover Cross-Site Request Forgery (CSRF)	19.06.2021	Piyush Patil & Rafal L...
High	WordPress Plugin Database Backups 1.2.2.6 Database Backup Download CSRF	19.06.2021	0xB9
Med.	Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication	01.06.2021	T. Weber
Low	Ubee EVW327 Cross Site Request Forgery	01.06.2021	lated
Low	Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery (Add Admin)	19.05.2021	Reza Afsahi
Low	NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery	18.05.2021	Harry Sintonen
Med.	Sipwise C5 NGCP CSC Click2Dial Cross-Site Request Forgery	23.04.2021	LiquidWorm
High	GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution	18.04.2021	Bobby Cooke
Med.	GetSimple CMS My SMTP Contact Plugin 1.1.1 CSRF to RCE	16.04.2021	Bobby Cooke
Low	DMA Radius Manager 4.4.0 Cross Site Request Forgery	08.04.2021	Issac Briones
Low	Papoo CMS Cross Site Request Forgery	05.04.2021	Reinhard Westerholt
Low	GetSimple CMS Custom JS Plugin 0.1 CSRF to Persistent XSS	31.03.2021	Abhishek Joshi
Low	SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery	20.03.2021	LiquidWorm
High	VestaCP 0.9.8 File Upload CSRF	17.03.2021	Fady Othman
Low	OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection	09.03.2021	Daniel Moreno
Low	e107 CMS 2.3.0 Cross Site Request Forgery	04.03.2021	Tadjmen
High	Unibox 2.4 CSRF / Remote Code Execution	08.02.2021	Kaustubh G. Padwad
Low	Unibox Cross Site Request Forgery	08.02.2021	Kaustubh G. Padwad
Low	bloofoxCMS 0.5.2.1 CSRF (Add user)	05.02.2021	LiPeiYi
Low	Pixelimity 1.0 Cross Site Request Forgery	04.02.2021	Noth
Med.	STVS ProVision 5.9.10 Cross Site Request Forgery	29.01.2021	LiquidWorm
Low	Anchor CMS 0.12.7 CSRF (Delete user)	21.01.2021	Ninad Mishra
Low	PHP-Fusion 9.03.90 Cross Site Request Forgery	16.01.2021	Mohamed Oosman B S
Low	Online Hotel Reservation System 1.0 Cross Site Request Forgery	15.01.2021	Mesut Cetin
Low	Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery	07.01.2021	Rahul Ramakant Singh
Low	TypeSetter 5.1 Cross Site Request Forgery	03.01.2021	Alperen Ergel
Low	Rukovoditel 2.6.1 Cross Site Request Forgery	15.12.2020	KeopssGroup0day Inc
Low	OpenAsset Digital Asset Management Cross Site Request Forgery	14.12.2020	Jack Misiura
Low	OpenCart 3.0.3.6 Cross Site Request Forgery	10.12.2020	Mahendra Purbia
Low	EgavilanMedia User Registration & Login System with Admin Panel 1.0 CSRF	04.12.2020	Hardik Solanki
Med.	ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password	28.11.2020	T. Weber
Low	Customer Support System 1.0 Cross Site Request Forgery	11.11.2020	Ahmed Abbas
High	Genexis Platinum-4410 P4410-V2-1.28 Broken Access Control and CSRF	11.11.2020	Jinson Varghese Behana...
Med.	Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure	05.11.2020	Wolfgang Ettlinger
Low	iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery	05.11.2020	LiquidWorm
Low	Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery	29.10.2020	Mohammed Farhan
Low	Textpattern CMS 4.6.2 Cross-site Request Forgery	19.10.2020	Alperen Ergel
Low	B-swiss 3 Digital Signage System 3.6.5 Cross-Site Request Forgery (Add Maintenance Admin)	15.10.2020	LiquidWorm
High	Garfield Petshop 2020-10-01 Cross Site Request Forgery	09.10.2020	Ramdan Yantu
Low	Liman 0.7 Cross Site Request Forgery	07.10.2020	George Tsimpidas
Med.	RocketLinx Series Authentication Bypass / CSRF / Command Injection	05.10.2020	T. Weber
Low	MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials	01.10.2020	Shahrukh Iqbal Mirza

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-18

	CVE-2024-3932	Updating...	A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
	CVE-2023-41864	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0.

2024-04-17

CVE-2024-32538	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS.This issue affects Easy CountDowner: from n/a through 1.0.8.
CVE-2024-32550	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1.
CVE-2024-32549	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS).This issue affects Related Posts for WordPress: from n/a through 4.0.3.

2024-04-16

CVE-2024-3873

Updating...

A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260907.

2024-04-15

CVE-2024-32437	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28.
CVE-2024-32436	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers.This issue affects Gift Vouchers: from n/a through 4.4.0.
CVE-2024-32434	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce.This issue affects Order Delivery Date for WooCommerce: from n/a through 3.20.2.
CVE-2024-32433	Updating...	Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF.This issue affects BEAF: from n/a through 4.5.4.

14.04.2024

25.02.2024

22.02.2024

03.02.2024

29.10.2023

27.10.2023

03.10.2023

09.08.2023

03.07.2023

22.06.2023

21.05.2023

17.05.2023

21.04.2023

05.03.2023

05.03.2023

01.03.2023

19.02.2023

02.02.2023

11.01.2023

11.01.2023

21.11.2022

15.11.2022

27.09.2022

06.09.2022

06.08.2022

01.08.2022

02.07.2022

20.06.2022

22.05.2022

11.05.2022

07.04.2022

30.03.2022

22.03.2022

22.03.2022

23.02.2022

17.02.2022

15.02.2022

12.02.2022

08.02.2022

07.02.2022

17.01.2022

17.01.2022

17.12.2021

16.12.2021

17.11.2021

15.11.2021

30.10.2021

28.10.2021

29.09.2021

24.09.2021

23.09.2021

23.09.2021

13.09.2021

20.08.2021

01.08.2021

30.07.2021

14.07.2021

02.07.2021

19.06.2021

19.06.2021

01.06.2021

01.06.2021

19.05.2021

18.05.2021

23.04.2021

18.04.2021

16.04.2021

08.04.2021

05.04.2021

31.03.2021

20.03.2021

17.03.2021

09.03.2021

04.03.2021

08.02.2021