Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3999 | 1 Dpdgroup | 1 Woocommerce Shipping | 2023-02-03 | N/A | 8.1 HIGH |
| The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. | |||||
| CVE-2022-37719 | 1 Edgenexus | 1 Application Delivery Controller | 2023-02-03 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-24467 | 1 Leaflet Map Project | 1 Leaflet Map | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being used, or using malicious attributions which will be executed in all page with an embed map from the plugin | |||||
| CVE-2023-24423 | 1 Jenkins | 1 Gerrit Trigger | 2023-02-03 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. | |||||
| CVE-2019-12922 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2023-02-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | |||||
| CVE-2019-10386 | 1 Jenkins | 1 Xl Testview | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10388 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2023-02-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | |||||
| CVE-2019-10359 | 1 Jenkins | 1 M2release | 2023-02-02 | 6.8 MEDIUM | 6.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | |||||
| CVE-2019-12273 | 1 Outsystems | 1 Outsystems | 2023-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists. | |||||
| CVE-2022-22808 | 1 Schneider-electric | 14 Hmibscea53d1edb, Hmibscea53d1edb Firmware, Hmibscea53d1edl and 11 more | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) | |||||
| CVE-2014-9129 | 1 Cminds | 1 Cm Download Manager | 2023-02-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. | |||||
| CVE-2019-10186 | 1 Moodle | 1 Moodle | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | |||||
| CVE-2023-24452 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2023-24457 | 1 Jenkins | 1 Keycloak Authentication | 2023-02-02 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
| CVE-2023-24458 | 1 Jenkins | 1 Bearychat | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2023-24446 | 1 Jenkins | 1 Openid | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
| CVE-2023-24447 | 1 Jenkins | 1 Rabbitmq Consumer | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | |||||
| CVE-2023-24432 | 1 Jenkins | 1 Orka By Macstadium | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24437 | 1 Jenkins | 1 Jira Pipeline Steps | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24434 | 1 Jenkins | 1 Github Pull Request Builder | 2023-02-02 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||