CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2022(CSRF)

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.
On this page the "# of Exploits" column is empty and the Access Complexity, Authentication, Conf., Integ. and Avail. columns show ??? (not populated) for every entry, so each row below lists only the populated columns.

1. CVE-2022-45674 | CWE: (none listed) | Type: CSRF | Published: 2022-12-02 | Updated: 2022-12-02 | Score: 0.0 | Gained access: None
   Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
2. CVE-2022-45673 | CWE: (none listed) | Type: CSRF | Published: 2022-12-02 | Updated: 2022-12-02 | Score: 0.0 | Gained access: None
   Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
3. CVE-2022-45668 | CWE: (none listed) | Type: CSRF | Published: 2022-12-02 | Updated: 2022-12-02 | Score: 0.0 | Gained access: None
   Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
4. CVE-2022-45667 | CWE: (none listed) | Type: CSRF | Published: 2022-12-02 | Updated: 2022-12-02 | Score: 0.0 | Gained access: None
   Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
5. CVE-2022-45476 | CWE: 352 | Type: Exec Code, CSRF | Published: 2022-11-25 | Updated: 2022-11-30 | Score: 0.0 | Gained access: None
   Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
6. CVE-2022-45475 | CWE: 352 | Type: Exec Code, CSRF | Published: 2022-11-25 | Updated: 2022-11-30 | Score: 0.0 | Gained access: None
   Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
7. CVE-2022-45398 | CWE: 352 | Type: CSRF | Published: 2022-11-15 | Updated: 2022-11-18 | Score: 0.0 | Gained access: None
   A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
8. CVE-2022-45393 | CWE: 352 | Type: CSRF | Published: 2022-11-15 | Updated: 2022-11-18 | Score: 0.0 | Gained access: None
   A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
9. CVE-2022-45149 | CWE: 352 | Type: CSRF | Published: 2022-11-23 | Updated: 2022-11-26 | Score: 0.0 | Gained access: None
   A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in the course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.
10. CVE-2022-45130 | CWE: 352 | Type: CSRF | Published: 2022-11-10 | Updated: 2022-11-15 | Score: 0.0 | Gained access: None
   Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers.
11. CVE-2022-45073 | CWE: 352 | Type: CSRF | Published: 2022-11-18 | Updated: 2022-11-22 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress.
12. CVE-2022-45072 | CWE: 352 | Type: CSRF | Published: 2022-11-17 | Updated: 2022-11-22 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
13. CVE-2022-45071 | CWE: 352 | Type: CSRF | Published: 2022-11-17 | Updated: 2022-11-22 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
14. CVE-2022-44937 | CWE: 352 | Type: CSRF | Published: 2022-11-28 | Updated: 2022-12-01 | Score: 0.0 | Gained access: None
   Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.
15. CVE-2022-44741 | CWE: 352 | Type: XSS, CSRF | Published: 2022-11-08 | Updated: 2022-11-09 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.
16. CVE-2022-44740 | CWE: 352 | Type: CSRF | Published: 2022-11-18 | Updated: 2022-11-23 | Score: 0.0 | Gained access: None
   Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress.
17. CVE-2022-44737 | CWE: 352 | Type: CSRF | Published: 2022-11-22 | Updated: 2022-11-28 | Score: 0.0 | Gained access: None
   Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
18. CVE-2022-44627 | CWE: 352 | Type: CSRF | Published: 2022-11-03 | Updated: 2022-11-04 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps.
19. CVE-2022-44389 | CWE: 352 | Type: CSRF | Published: 2022-11-14 | Updated: 2022-11-16 | Score: 0.0 | Gained access: None
   EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information.
20. CVE-2022-44387 | CWE: 352 | Type: CSRF | Published: 2022-11-14 | Updated: 2022-11-16 | Score: 0.0 | Gained access: None
   EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.
21. CVE-2022-43693 | CWE: 352 | Type: CSRF | Published: 2022-11-14 | Updated: 2022-11-17 | Score: 0.0 | Gained access: None
   Concrete CMS is vulnerable to CSRF due to the lack of a "State" parameter for the external Concrete authentication service, affecting users of Concrete who use the "out of the box" core OAuth.
22. CVE-2022-43491 | CWE: 352 | Type: CSRF | Published: 2022-11-08 | Updated: 2022-11-09 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.
23. CVE-2022-43488 | CWE: 352 | Type: CSRF | Published: 2022-11-09 | Updated: 2022-11-09 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.
24. CVE-2022-43481 | CWE: 352 | Type: CSRF | Published: 2022-11-08 | Updated: 2022-11-09 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.
25. CVE-2022-43418 | CWE: 352 | Type: CSRF | Published: 2022-10-19 | Updated: 2022-10-21 | Score: 0.0 | Gained access: None
   A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
26. CVE-2022-43408 | CWE: 838 | Type: Bypass, CSRF | Published: 2022-10-19 | Updated: 2022-10-21 | Score: 0.0 | Gained access: None
   Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.
27. CVE-2022-43407 | CWE: 838 | Type: Bypass, CSRF | Published: 2022-10-19 | Updated: 2022-10-21 | Score: 0.0 | Gained access: None
   Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.
28. CVE-2022-43340 | CWE: 352 | Type: CSRF | Published: 2022-10-27 | Updated: 2022-10-31 | Score: 0.0 | Gained access: None
   A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
29. CVE-2022-43323 | CWE: 352 | Type: CSRF | Published: 2022-11-14 | Updated: 2022-11-16 | Score: 0.0 | Gained access: None
   EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
30. CVE-2022-43031 | CWE: 352 | Type: CSRF | Published: 2022-11-09 | Updated: 2022-11-10 | Score: 0.0 | Gained access: None
   DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
31. CVE-2022-42975 | CWE: (none listed) | Type: CSRF | Published: 2022-10-17 | Updated: 2022-10-20 | Score: 0.0 | Gained access: None
   socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
32. CVE-2022-42751 | CWE: 352 | Type: CSRF | Published: 2022-11-03 | Updated: 2022-11-04 | Score: 0.0 | Gained access: None
   CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF, which allows an attacker to persuade an administrator to create a new account with administrative permissions.
33. CVE-2022-42246 | CWE: 352 | Type: CSRF | Published: 2022-11-17 | Updated: 2022-11-17 | Score: 0.0 | Gained access: None
   Doufox 0.0.4 contains a CSRF vulnerability that can add a system administrator account.
34. CVE-2022-42199 | CWE: 352 | Type: CSRF | Published: 2022-10-20 | Updated: 2022-10-21 | Score: 0.0 | Gained access: None
   Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
35. CVE-2022-42087 | CWE: 352 | Type: CSRF | Published: 2022-10-12 | Updated: 2022-10-14 | Score: 0.0 | Gained access: None
   Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
36. CVE-2022-42086 | CWE: 352 | Type: CSRF | Published: 2022-10-12 | Updated: 2022-10-14 | Score: 0.0 | Gained access: None
   Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
37. CVE-2022-42078 | CWE: 352 | Type: CSRF | Published: 2022-10-12 | Updated: 2022-10-14 | Score: 0.0 | Gained access: None
   Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
38. CVE-2022-42077 | CWE: 352 | Type: CSRF | Published: 2022-10-12 | Updated: 2022-10-14 | Score: 0.0 | Gained access: None
   Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
39. CVE-2022-42070 | CWE: 352 | Type: CSRF | Published: 2022-10-14 | Updated: 2022-10-17 | Score: 0.0 | Gained access: None
   Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF).
40. CVE-2022-41996 | CWE: 352 | Type: CSRF | Published: 2022-10-27 | Updated: 2022-11-01 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.
41. CVE-2022-41927 | CWE: 352 | Type: CSRF | Published: 2022-11-23 | Updated: 2022-11-30 | Score: 0.0 | Gained access: None
   XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: it is possible to patch existing instances directly by editing the page Main.Tags and adding this kind of check to the code for renaming and for deleting:
   ```
   #if (!$services.csrf.isTokenValid($request.get('form_token')))
     #set ($discard = $response.sendError(401, "Wrong CSRF token"))
   #end
   ```
42. CVE-2022-41919 | CWE: 352 | Type: Bypass, CSRF | Published: 2022-11-22 | Updated: 2022-11-26 | Score: 0.0 | Gained access: None
   Fastify is a web framework with minimal overhead and a plugin architecture. An attacker can use an incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests whose Content-Type essence is "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain" could potentially be used to invoke routes that only accept the `application/json` content type, thus bypassing any CORS protection, and therefore could lead to a Cross-Site Request Forgery attack. This issue has been patched in versions 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf`.
43. CVE-2022-41805 | CWE: 352 | Type: CSRF | Published: 2022-11-18 | Updated: 2022-11-21 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.
44. CVE-2022-41685 | CWE: 352 | Type: CSRF | Published: 2022-11-18 | Updated: 2022-11-23 | Score: 0.0 | Gained access: None
   Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.
45. CVE-2022-41634 | CWE: 352 | Type: CSRF | Published: 2022-11-18 | Updated: 2022-11-23 | Score: 0.0 | Gained access: None
   Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.
46. CVE-2022-41615 | CWE: 352 | Type: XSS, CSRF | Published: 2022-11-18 | Updated: 2022-11-23 | Score: 0.0 | Gained access: None
   Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
47. CVE-2022-41500 | CWE: 352 | Type: CSRF | Published: 2022-10-18 | Updated: 2022-10-20 | Score: 0.0 | Gained access: None
   EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
48. CVE-2022-41489 | CWE: 352 | Type: CSRF | Published: 2022-10-13 | Updated: 2022-10-14 | Score: 0.0 | Gained access: None
   WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.
49. CVE-2022-41475 | CWE: 352 | Type: CSRF | Published: 2022-10-13 | Updated: 2022-10-14 | Score: 0.0 | Gained access: None
   RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.
50. CVE-2022-41474 | CWE: 352 | Type: CSRF | Published: 2022-10-13 | Updated: 2022-10-14 | Score: 0.0 | Gained access: None
   RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.
Total number of vulnerabilities: 690 (this is page 1 of 14)