CWE:
 

Tytuł
Data
Autor
Med.
F5 BIG-IP iControl Cross Site Request Forgery
21.11.2022
Ron Bowes
Low
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
15.11.2022
Julien Ahrens
Med.
Online Birth Certificate Management System 1.0 Cross Site Request Forgery
27.09.2022
Yousef Alraddadi
Low
Online Employee Leave Management System 1.0 Cross Site Request Forgery
06.09.2022
Amolo Hunters
High
WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
06.08.2022
Marco Wotschka
Low
Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery
01.08.2022
Julien Ahrens
Med.
WordPress Plugin Blue Admin 21.06.01 Cross-Site Request Forgery (CSRF)
02.07.2022
Anonymous
Low
Marval MSM 14.19.0.12476 Cross Site Request Forgery
20.06.2022
Momen Eldawakhly
Low
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
22.05.2022
Rodolfo Tavares
Low
WordPress Blue Admin 21.06.01 Cross Site Request Forgery
11.05.2022
Abisheik M
Low
qdPM 9.2 Cross Site Request Forgery
07.04.2022
Chetanya Sharma
Low
WordPress Curtain 1.0.2 Cross Site Request Forgery
30.03.2022
Hassan Khan Yusufzai
Low
ICEHRM 31.0.0.0S Cross Site Request Forgery
22.03.2022
Devansh Bordia
Low
iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution
22.03.2022
Robert Willis
Low
FileCloud 21.2 Cross Site Request Forgery
23.02.2022
Masashi Fujiwara
High
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control
17.02.2022
Stefan Viehbock
Low
WordPress International SMS For Contact Form 7 Integration 1.2 CSRF
15.02.2022
Milad Karimi
Low
Subrion CMS 4.2.1 Cross Site Request Forgery
12.02.2022
Aryan Chehreghani
High
FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery
08.02.2022
Febin Mon Saji
High
Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
07.02.2022
T. Weber
Low
OpenBMCS 2.4 Cross Site Request Forgery
17.01.2022
LiquidWorm
Med.
SB Admin Cross Site Request Forgery / SQL Injection
17.01.2022
Taurus Omar
High
Arunna 1.0.0 Cross Site Request Forgery
17.12.2021
L_L
Low
Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery
16.12.2021
LiquidWorm
Low
Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting
17.11.2021
Rahad Chowdhury
Low
PHP Laravel 8.70.1 Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)
15.11.2021
Hosein Vita
Low
PHPGurukul Hostel Management System 2.1 Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)
30.10.2021
Anubhav Singh
Med.
Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting
28.10.2021
Anubhav Singh
Med.
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Add Admin Cross-Site Request Forgery (CSRF)
29.09.2021
LiquidWorm
Low
ECOA Building Automation System multiple Cross-Site Request Forgery (CSRF)
24.09.2021
Neurogenesia
High
Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution
23.09.2021
V1n1v131r4
Low
WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery
23.09.2021
0xB9
Low
ECOA Building Automation System Cross Site Request Forgery
13.09.2021
Neurogenesia
Low
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
20.08.2021
T. Weber
Low
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
01.08.2021
LiquidWorm
High
CloverDX 5.9.0 Code Execution / Cross Site Request Forgery
30.07.2021
niebardzo
Low
Webmin 1.973 Cross Site Request Forgery
14.07.2021
Mesh3l_911
Low
b2evolution 7.2.2 Cross Site Request Forgery
02.07.2021
Alperen Ergel
Low
ICE Hrm 29.0.0.OS Account Takeover Cross-Site Request Forgery (CSRF)
19.06.2021
Piyush Patil & Rafal L...
High
WordPress Plugin Database Backups 1.2.2.6 Database Backup Download CSRF
19.06.2021
0xB9
Med.
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
01.06.2021
T. Weber
Low
Ubee EVW327 Cross Site Request Forgery
01.06.2021
lated
Low
Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery (Add Admin)
19.05.2021
Reza Afsahi
Low
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
18.05.2021
Harry Sintonen
Med.
Sipwise C5 NGCP CSC Click2Dial Cross-Site Request Forgery
23.04.2021
LiquidWorm
High
GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
18.04.2021
Bobby Cooke
Med.
GetSimple CMS My SMTP Contact Plugin 1.1.1 CSRF to RCE
16.04.2021
Bobby Cooke
Low
DMA Radius Manager 4.4.0 Cross Site Request Forgery
08.04.2021
Issac Briones
Low
Papoo CMS Cross Site Request Forgery
05.04.2021
Reinhard Westerholt
Low
GetSimple CMS Custom JS Plugin 0.1 CSRF to Persistent XSS
31.03.2021
Abhishek Joshi
Low
SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery
20.03.2021
LiquidWorm
High
VestaCP 0.9.8 File Upload CSRF
17.03.2021
Fady Othman
Low
OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection
09.03.2021
Daniel Moreno
Low
e107 CMS 2.3.0 Cross Site Request Forgery
04.03.2021
Tadjmen
High
Unibox 2.4 CSRF / Remote Code Execution
08.02.2021
Kaustubh G. Padwad
Low
Unibox Cross Site Request Forgery
08.02.2021
Kaustubh G. Padwad
Low
bloofoxCMS 0.5.2.1 CSRF (Add user)
05.02.2021
LiPeiYi
Low
Pixelimity 1.0 Cross Site Request Forgery
04.02.2021
Noth
Med.
STVS ProVision 5.9.10 Cross Site Request Forgery
29.01.2021
LiquidWorm
Low
Anchor CMS 0.12.7 CSRF (Delete user)
21.01.2021
Ninad Mishra
Low
PHP-Fusion 9.03.90 Cross Site Request Forgery
16.01.2021
Mohamed Oosman B S
Low
Online Hotel Reservation System 1.0 Cross Site Request Forgery
15.01.2021
Mesut Cetin
Low
Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery
07.01.2021
Rahul Ramakant Singh
Low
TypeSetter 5.1 Cross Site Request Forgery
03.01.2021
Alperen Ergel
Low
Rukovoditel 2.6.1 Cross Site Request Forgery
15.12.2020
KeopssGroup0day Inc
Low
OpenAsset Digital Asset Management Cross Site Request Forgery
14.12.2020
Jack Misiura
Low
OpenCart 3.0.3.6 Cross Site Request Forgery
10.12.2020
Mahendra Purbia
Low
EgavilanMedia User Registration & Login System with Admin Panel 1.0 CSRF
04.12.2020
Hardik Solanki
Med.
ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password
28.11.2020
T. Weber
Low
Customer Support System 1.0 Cross Site Request Forgery
11.11.2020
Ahmed Abbas
High
Genexis Platinum-4410 P4410-V2-1.28 Broken Access Control and CSRF
11.11.2020
Jinson Varghese Behana...
Med.
Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
05.11.2020
Wolfgang Ettlinger
Low
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
05.11.2020
LiquidWorm
Low
Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery
29.10.2020
Mohammed Farhan
Low
Textpattern CMS 4.6.2 Cross-site Request Forgery
19.10.2020
Alperen Ergel
Low
B-swiss 3 Digital Signage System 3.6.5 Cross-Site Request Forgery (Add Maintenance Admin)
15.10.2020
LiquidWorm
High
Garfield Petshop 2020-10-01 Cross Site Request Forgery
09.10.2020
Ramdan Yantu
Low
Liman 0.7 Cross Site Request Forgery
07.10.2020
George Tsimpidas
Med.
RocketLinx Series Authentication Bypass / CSRF / Command Injection
05.10.2020
T. Weber
Low
MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials
01.10.2020
Shahrukh Iqbal Mirza
Low
SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery
01.10.2020
LiquidWorm
Low
BlackCat CMS 1.3.6 Cross Site Request Forgery
23.09.2020
Noth
Med.
Scopia XT Desktop 8.3.915.4 Cross-Site Request Forgery (change admin password)
10.09.2020
v1n1v131r4
Med.
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
05.09.2020
T. Weber
Low
Hyland OnBase Cross Site Request Forgery
05.09.2020
Adaptive Security Cons...
Low
Stock Management System 1.0 Cross-Site Request Forgery (Change Username)
02.09.2020
Bobby Cooke & Adeeb Sh...
Med.
All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery (Add Admin)
17.08.2020
Gjoko 'LiquidWorm' Krs...
Low
GetSimple CMS Plugin Multi User 1.8.2 Cross-Site Request Forgery (Add Admin)
14.08.2020
Bobby Cooke
Low
Warehouse Inventory System 1.0 Cross Site Request Forgery
11.08.2020
Bobby Cooke
Low
pfSense 2.4.4-p3 Cross Site Request Forgery
30.07.2020
ghost_fh
Low
UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery
21.07.2020
LiquidWorm
Low
CMSUno 1.6 Cross-Site Request Forgery (Change Admin Password)
18.07.2020
Noth
Low
Verint Impact 360 15.1 Cross Site Request Forgery
16.07.2020
Ryan Delaney
Low
SuperMicro IPMI 03.40 Cross Site Request Forgery
12.07.2020
Metin Yunus Kandemir
Med.
Online Student Enrollment System 1.0 Cross Site Request Forgery
24.06.2020
BKpatron
Low
GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting
24.06.2020
Rodolfo Tavares
Low
Navigate CMS 2.8.7 Cross-Site Request Forgery (Add Admin)
08.06.2020
Gus Ralph
Low
Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure
06.06.2020
Aaron Bishop
Low
Forma.LMS 5.6.40 Cross Site Request Forgery
22.05.2020
Daniel Ortiz
Low
NukeViet VMS 4.4.00 Cross Site Request Forgery
20.05.2020
JEBARAJ


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-12-04
Waiting for details
CVE-2022-35730

Updating...
 

 
Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.

 
2022-12-02
Waiting for details
CVE-2022-4220

Updating...
 

 
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

 
Waiting for details
CVE-2022-4219

Updating...
 

 
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

 
Waiting for details
CVE-2022-4218

Updating...
 

 
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

 
2022-11-30
Waiting for details
CVE-2022-26366

Updating...
 

 
Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.

 
2022-11-28
Waiting for details
CVE-2022-3850

Updating...
 

 
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack

 
Waiting for details
CVE-2022-3847

Updating...
 

 
The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack

 
Waiting for details
CVE-2022-34654

Updating...
 

 
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress.

 
2022-11-23
Waiting for details
CVE-2022-41927

Updating...
 

 
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ```

 
Waiting for details
CVE-2022-41925

Updating...
 

 

 

 


Copyright 2022, cxsecurity.com

 

Back to Top