Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1914 | 1 Clean-contact Project | 1 Clean-contact | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well | |||||
| CVE-2022-1603 | 1 Webfwd | 1 Mail Subscribe List | 2022-07-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list | |||||
| CVE-2021-1257 | 5 Apple, Cisco, Linux and 2 more | 5 Macos, Dna Center, Linux Kernel and 2 more | 2022-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | |||||
| CVE-2022-33121 | 1 1234n | 1 Minicms | 2022-06-30 | 5.8 MEDIUM | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. | |||||
| CVE-2020-25252 | 1 Hyland | 1 Onbase | 2022-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | |||||
| CVE-2017-20093 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-06-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | |||||
| CVE-2022-34207 | 1 Jenkins | 1 Beaker Builder | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2022-34209 | 1 Jenkins | 1 Threadfix | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2022-34211 | 1 Jenkins | 1 Vrealize Orchestrator | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. | |||||
| CVE-2022-34205 | 1 Jenkins | 1 Jianliao Notification | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. | |||||
| CVE-2017-20088 | 1 Bytesforall | 1 Atahualpa | 2022-06-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | |||||
| CVE-2017-20091 | 1 Wpjos | 1 Library File Manager | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. | |||||
| CVE-2017-20090 | 1 Global Content Blocks Project | 1 Global Content Blocks | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. | |||||
| CVE-2022-34203 | 1 Jenkins | 1 Easyqa | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. | |||||
| CVE-2020-28040 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2022-06-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | |||||
| CVE-2022-1610 | 1 Seamless Donations Project | 1 Seamless Donations | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-26173 | 1 Jforum | 1 Jforum | 2022-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | |||||
| CVE-2017-20065 | 1 Supsystic | 1 Popup | 2022-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1818 | 1 Multi-page Toolkit Project | 1 Multi-page Toolkit | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | |||||
| CVE-2022-1826 | 1 Cross-linker Project | 1 Cross-linker | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack | |||||