Total: 4240 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41227 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2022-09-22 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | |||||
CVE-2022-41232 | 1 Jenkins | 1 Build-publisher | 2022-09-22 | N/A | 8.0 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. | |||||
CVE-2022-35196 | 1 Testlink | 1 Testlink | 2022-09-21 | N/A | 8.8 HIGH |
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. | |||||
CVE-2022-29489 | 1 Sucuri | 1 Security | 2022-09-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. | |||||
CVE-2022-1591 | 1 Wordpress Ping Optimizer Project | 1 Wordpress Ping Optimizer | 2022-09-20 | N/A | 4.3 MEDIUM |
The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
CVE-2022-3232 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-20 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | |||||
CVE-2022-40623 | 1 Wavlink | 2 Wn531g3, Wn531g3 Firmware | 2022-09-19 | N/A | 8.8 HIGH |
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution. | |||||
CVE-2022-3221 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-17 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. | |||||
CVE-2022-38329 | 1 Shopxian | 1 Shopxian Cms | 2022-09-16 | N/A | 4.3 MEDIUM |
An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17. | |||||
CVE-2022-32555 | 1 Unisys | 1 Data Exchange Management Studio | 2022-09-16 | N/A | 8.8 HIGH |
Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur. | |||||
CVE-2022-36095 | 1 Xwiki | 1 Xwiki | 2022-09-15 | N/A | 4.3 MEDIUM |
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there. | |||||
CVE-2022-37411 | 1 Captcha Code Project | 1 Captcha Code | 2022-09-14 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. | |||||
CVE-2020-19159 | 1 Laiketui | 1 Laiketui | 2022-09-13 | 6.8 MEDIUM | 8.8 HIGH |
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. | |||||
CVE-2022-2542 | 1 Summitmediaconcepts | 1 Ucontext For Clickbank | 2022-09-13 | N/A | 8.8 HIGH |
The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-37730 | 1 Ftcms | 1 Ftcms | 2022-09-13 | N/A | 8.8 HIGH |
In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which allows an attacker to forge a link that tricks the victim into clicking a malicious link or visiting a page containing attack code, so that a request is sent to the server (carrying the corresponding identity authentication information) as the victim without the victim's knowledge. | |||||
CVE-2022-2541 | 1 Summitmediaconcepts | 1 Ucontext For Amazon | 2022-09-13 | N/A | 8.8 HIGH |
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-2540 | 1 Link Optimizer Lite Project | 1 Link Optimizer Lite | 2022-09-13 | N/A | 8.8 HIGH |
The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-23679 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2022-09-13 | N/A | 8.8 HIGH |
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
CVE-2022-23680 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2022-09-12 | N/A | 8.8 HIGH |
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
CVE-2020-10478 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 6.8 MEDIUM | 8.8 HIGH |
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. |