A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2022-12-12 | Updated: 2022-12-14
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-12-22 | Updated: 2022-12-30
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.
Max CVSS: 8.8 | EPSS Score: 0.18% | Published: 2022-12-14 | Updated: 2023-01-30
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
Max CVSS: 4.5 | EPSS Score: 0.05% | Published: 2022-12-13 | Updated: 2022-12-15
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-12-13 | Updated: 2022-12-16
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2022-12-12 | Updated: 2022-12-14
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-12-05 | Updated: 2022-12-06
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-12-02 | Updated: 2022-12-06
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-12-02 | Updated: 2022-12-06
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-12-02 | Updated: 2022-12-06
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-12-02 | Updated: 2022-12-06
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.
Max CVSS: 6.5 | EPSS Score: 0.24% | Published: 2022-11-25 | Updated: 2023-02-01
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
Max CVSS: 4.3 | EPSS Score: 0.06% | Published: 2022-11-15 | Updated: 2023-11-01
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
Max CVSS: 3.5 | EPSS Score: 0.05% | Published: 2022-11-15 | Updated: 2023-11-01
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.
Max CVSS: 3.5 | EPSS Score: 0.05% | Published: 2022-12-12 | Updated: 2022-12-13
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in the course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.
Max CVSS: 5.4 | EPSS Score: 0.21% | Published: 2022-11-23 | Updated: 2023-01-31
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2022-11-10 | Updated: 2022-11-15
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2022-11-18 | Updated: 2022-11-22
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-11-17 | Updated: 2022-11-22
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2022-11-17 | Updated: 2022-11-22
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-11-28 | Updated: 2022-12-01
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add a Super Administrator account.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2022-12-07 | Updated: 2022-12-12
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2022-11-08 | Updated: 2022-11-09
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2022-11-18 | Updated: 2022-11-23
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2022-11-22 | Updated: 2022-11-28
769 vulnerabilities found