Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through 4.5.5.
Max CVSS
7.1
EPSS Score
N/A
Published
2024-03-27
Updated
2024-03-27
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-22
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-22
Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-19
Updated
2024-03-19
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.
Max CVSS
8.2
EPSS Score
0.06%
Published
2024-03-20
Updated
2024-03-21
ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-25
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13