CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Low | PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting | 22.05.2022 | Rodolfo Tavares |
| Low | WordPress Blue Admin 21.06.01 Cross Site Request Forgery | 11.05.2022 | Abisheik M |
| Low | qdPM 9.2 Cross Site Request Forgery | 07.04.2022 | Chetanya Sharma |
| Low | WordPress Curtain 1.0.2 Cross Site Request Forgery | 30.03.2022 | Hassan Khan Yusufzai |
| Low | ICEHRM 31.0.0.0S Cross Site Request Forgery | 22.03.2022 | Devansh Bordia |
| Low | iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution | 22.03.2022 | Robert Willis |
| Low | FileCloud 21.2 Cross Site Request Forgery | 23.02.2022 | Masashi Fujiwara |
| High | Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control | 17.02.2022 | Stefan Viehbock |
| Low | WordPress International SMS For Contact Form 7 Integration 1.2 CSRF | 15.02.2022 | Milad Karimi |
| Low | Subrion CMS 4.2.1 Cross Site Request Forgery | 12.02.2022 | Aryan Chehreghani |
| High | FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery | 08.02.2022 | Febin Mon Saji |
| High | Korenix Technology JetWave CSRF / Command Injection / Missing Authentication | 07.02.2022 | T. Weber |
| Low | OpenBMCS 2.4 Cross Site Request Forgery | 17.01.2022 | LiquidWorm |
| Med. | SB Admin Cross Site Request Forgery / SQL Injection | 17.01.2022 | Taurus Omar |
| High | Arunna 1.0.0 Cross Site Request Forgery | 17.12.2021 | L_L |
| Low | Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery | 16.12.2021 | LiquidWorm |
| Low | Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting | 17.11.2021 | Rahad Chowdhury |
| Low | PHP Laravel 8.70.1 Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) | 15.11.2021 | Hosein Vita |
| Low | PHPGurukul Hostel Management System 2.1 Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) | 30.10.2021 | Anubhav Singh |
| Med. | Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting | 28.10.2021 | Anubhav Singh |
| Med. | FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Add Admin Cross-Site Request Forgery (CSRF) | 29.09.2021 | LiquidWorm |
| Low | ECOA Building Automation System multiple Cross-Site Request Forgery (CSRF) | 24.09.2021 | Neurogenesia |
| High | Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution | 23.09.2021 | V1n1v131r4 |
| Low | WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery | 23.09.2021 | 0xB9 |
| Low | ECOA Building Automation System Cross Site Request Forgery | 13.09.2021 | Neurogenesia |
| Low | Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials | 20.08.2021 | T. Weber |
| Low | Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery | 01.08.2021 | LiquidWorm |
| High | CloverDX 5.9.0 Code Execution / Cross Site Request Forgery | 30.07.2021 | niebardzo |
| Low | Webmin 1.973 Cross Site Request Forgery | 14.07.2021 | Mesh3l_911 |
| Low | b2evolution 7.2.2 Cross Site Request Forgery | 02.07.2021 | Alperen Ergel |
| Low | ICE Hrm 29.0.0.OS Account Takeover Cross-Site Request Forgery (CSRF) | 19.06.2021 | Piyush Patil & Rafal L... |
| High | WordPress Plugin Database Backups 1.2.2.6 Database Backup Download CSRF | 19.06.2021 | 0xB9 |
| Med. | Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication | 01.06.2021 | T. Weber |
| Low | Ubee EVW327 Cross Site Request Forgery | 01.06.2021 | lated |
| Low | Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery (Add Admin) | 19.05.2021 | Reza Afsahi |
| Low | NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery | 18.05.2021 | Harry Sintonen |
| Med. | Sipwise C5 NGCP CSC Click2Dial Cross-Site Request Forgery | 23.04.2021 | LiquidWorm |
| High | GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution | 18.04.2021 | Bobby Cooke |
| Med. | GetSimple CMS My SMTP Contact Plugin 1.1.1 CSRF to RCE | 16.04.2021 | Bobby Cooke |
| Low | DMA Radius Manager 4.4.0 Cross Site Request Forgery | 08.04.2021 | Issac Briones |
| Low | Papoo CMS Cross Site Request Forgery | 05.04.2021 | Reinhard Westerholt |
| Low | GetSimple CMS Custom JS Plugin 0.1 CSRF to Persistent XSS | 31.03.2021 | Abhishek Joshi |
| Low | SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery | 20.03.2021 | LiquidWorm |
| High | VestaCP 0.9.8 File Upload CSRF | 17.03.2021 | Fady Othman |
| Low | OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection | 09.03.2021 | Daniel Moreno |
| Low | e107 CMS 2.3.0 Cross Site Request Forgery | 04.03.2021 | Tadjmen |
| High | Unibox 2.4 CSRF / Remote Code Execution | 08.02.2021 | Kaustubh G. Padwad |
| Low | Unibox Cross Site Request Forgery | 08.02.2021 | Kaustubh G. Padwad |
| Low | bloofoxCMS 0.5.2.1 CSRF (Add user) | 05.02.2021 | LiPeiYi |
| Low | Pixelimity 1.0 Cross Site Request Forgery | 04.02.2021 | Noth |
| Med. | STVS ProVision 5.9.10 Cross Site Request Forgery | 29.01.2021 | LiquidWorm |
| Low | Anchor CMS 0.12.7 CSRF (Delete user) | 21.01.2021 | Ninad Mishra |
| Low | PHP-Fusion 9.03.90 Cross Site Request Forgery | 16.01.2021 | Mohamed Oosman B S |
| Low | Online Hotel Reservation System 1.0 Cross Site Request Forgery | 15.01.2021 | Mesut Cetin |
| Low | Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery | 07.01.2021 | Rahul Ramakant Singh |
| Low | TypeSetter 5.1 Cross Site Request Forgery | 03.01.2021 | Alperen Ergel |
| Low | Rukovoditel 2.6.1 Cross Site Request Forgery | 15.12.2020 | KeopssGroup0day Inc |
| Low | OpenAsset Digital Asset Management Cross Site Request Forgery | 14.12.2020 | Jack Misiura |
| Low | OpenCart 3.0.3.6 Cross Site Request Forgery | 10.12.2020 | Mahendra Purbia |
| Low | EgavilanMedia User Registration & Login System with Admin Panel 1.0 CSRF | 04.12.2020 | Hardik Solanki |
| Med. | ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password | 28.11.2020 | T. Weber |
| Low | Customer Support System 1.0 Cross Site Request Forgery | 11.11.2020 | Ahmed Abbas |
| High | Genexis Platinum-4410 P4410-V2-1.28 Broken Access Control and CSRF | 11.11.2020 | Jinson Varghese Behana... |
| Med. | Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure | 05.11.2020 | Wolfgang Ettlinger |
| Low | iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery | 05.11.2020 | LiquidWorm |
| Low | Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery | 29.10.2020 | Mohammed Farhan |
| Low | Textpattern CMS 4.6.2 Cross-site Request Forgery | 19.10.2020 | Alperen Ergel |
| Low | B-swiss 3 Digital Signage System 3.6.5 Cross-Site Request Forgery (Add Maintenance Admin) | 15.10.2020 | LiquidWorm |
| High | Garfield Petshop 2020-10-01 Cross Site Request Forgery | 09.10.2020 | Ramdan Yantu |
| Low | Liman 0.7 Cross Site Request Forgery | 07.10.2020 | George Tsimpidas |
| Med. | RocketLinx Series Authentication Bypass / CSRF / Command Injection | 05.10.2020 | T. Weber |
| Low | MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials | 01.10.2020 | Shahrukh Iqbal Mirza |
| Low | SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery | 01.10.2020 | LiquidWorm |
| Low | BlackCat CMS 1.3.6 Cross Site Request Forgery | 23.09.2020 | Noth |
| Med. | Scopia XT Desktop 8.3.915.4 Cross-Site Request Forgery (change admin password) | 10.09.2020 | v1n1v131r4 |
| Med. | Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell | 05.09.2020 | T. Weber |
| Low | Hyland OnBase Cross Site Request Forgery | 05.09.2020 | Adaptive Security Cons... |
| Low | Stock Management System 1.0 Cross-Site Request Forgery (Change Username) | 02.09.2020 | Bobby Cooke & Adeeb Sh... |
| Med. | All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery (Add Admin) | 17.08.2020 | Gjoko 'LiquidWorm' Krs... |
| Low | GetSimple CMS Plugin Multi User 1.8.2 Cross-Site Request Forgery (Add Admin) | 14.08.2020 | Bobby Cooke |
| Low | Warehouse Inventory System 1.0 Cross Site Request Forgery | 11.08.2020 | Bobby Cooke |
| Low | pfSense 2.4.4-p3 Cross Site Request Forgery | 30.07.2020 | ghost_fh |
| Low | UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery | 21.07.2020 | LiquidWorm |
| Low | CMSUno 1.6 Cross-Site Request Forgery (Change Admin Password) | 18.07.2020 | Noth |
| Low | Verint Impact 360 15.1 Cross Site Request Forgery | 16.07.2020 | Ryan Delaney |
| Low | SuperMicro IPMI 03.40 Cross Site Request Forgery | 12.07.2020 | Metin Yunus Kandemir |
| Med. | Online Student Enrollment System 1.0 Cross Site Request Forgery | 24.06.2020 | BKpatron |
| Low | GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting | 24.06.2020 | Rodolfo Tavares |
| Low | Navigate CMS 2.8.7 Cross-Site Request Forgery (Add Admin) | 08.06.2020 | Gus Ralph |
| Low | Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure | 06.06.2020 | Aaron Bishop |
| Low | Forma.LMS 5.6.40 Cross Site Request Forgery | 22.05.2020 | Daniel Ortiz |
| Low | NukeViet VMS 4.4.00 Cross Site Request Forgery | 20.05.2020 | JEBARAJ |
| Low | Maian Support Helpdesk 4.3 Cross-Site Request Forgery (Add Admin) | 05.05.2020 | Besim ALTINOK |
| Low | Apache OFBiz 17.12.03 Cross Site Request Forgery | 02.05.2020 | Faiz Ahmed Zaidi |
| Low | Complaint Management System 4.2 Cross Site Request Forgery | 27.04.2020 | Besim Altinok |
| Low | Edimax EW-7438RPn Cross Site Request Forgery | 22.04.2020 | Besim Altinok |
| Low | P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting | 21.04.2020 | LiquidWorm |
| Med. | QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control | 21.04.2020 | Yorick Koster |
| High | Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution | 19.04.2020 | Sivanesh Ashok |
| High | Django 3.0 Cross-Site Request Forgery Token Bypass | 08.04.2020 | Spad Security Group |


Common Weakness Enumeration (CWE)

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2022-05-20 | Waiting for details | CVE-2022-29430 | | Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. |
| 2022-05-20 | Waiting for details | CVE-2022-29427 | | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. |
| 2022-05-17 | Waiting for details | CVE-2022-29429 | | Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. |
| 2022-05-17 | Waiting for details | CVE-2022-29435 | | Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. |
| 2022-05-16 | Waiting for details | CVE-2022-1418 | | The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. |
| 2022-05-16 | Waiting for details | CVE-2022-1407 | | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them in attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack. |
| 2022-05-05 | Waiting for details | CVE-2022-1389 | | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 2022-05-04 | Medium | CVE-2022-25778 | | Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. |
| 2022-05-03 | Medium | CVE-2022-0916 | Vendor: Logitech; Software: Options | An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. |
| 2022-05-02 | Medium | CVE-2022-23904 | Vendor: Rainworx; Software: Auctionworx | Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. |

 

 


Copyright 2022, cxsecurity.com

 
