Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3414 | 1 Jenkins | 1 Servicenow Devops | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.
|
|||||
| CVE-2023-3356 | 1 Kreci | 1 Subscribers Text Counter | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This can also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping.
|
|||||
| CVE-2023-3254 | 1 Trustedindex | 1 Widgets For Google Reviews | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-3203 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update the setting that limits the number of products per category to use cache data in the home screen via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-3075 | 1 Corebos | 1 Corebos | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.
|
|||||
| CVE-2023-3055 | 1 Azexo | 1 Page Builder With Image Map By Azexo | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-3052 | 1 Azexo | 1 Page Builder With Image Map By Azexo | 2024-11-21 | N/A | 6.3 MEDIUM |
|
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-3029 | 1 Pythagorean Oa Office System Project | 1 Pythagorean Oa Office System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-39989 | 1 Draftpress | 1 Header Footer Code Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.
|
|||||
| CVE-2023-39925 | 1 Peepso | 1 Peepso | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions.
|
|||||
| CVE-2023-39923 | 1 Radiustheme | 1 The Post Grid | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.
|
|||||
| CVE-2023-39917 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
|
|||||
| CVE-2023-39446 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-11-21 | N/A | 8.9 HIGH |
|
Because of weaknesses in the web application's user management, an attacker could obtain from the headers the information needed to create specially crafted URLs and trigger malicious actions while a legitimate user is logged into the web application.
|
|||||
| CVE-2023-39412 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-39372 | 1 Startrinity | 1 Softswitch | 2024-11-21 | N/A | 8.1 HIGH |
|
StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352)
|
|||||
| CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.
|
|||||
| CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.
|
|||||
| CVE-2023-39166 | 1 Tagdiv | 1 Tagdiv Composer | 2024-11-21 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4.
|
|||||
| CVE-2023-39165 | 1 Fetchdesigns | 1 Sign-up Sheets | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.
|
|||||
| CVE-2023-39159 | 1 Multidots | 1 Fraud Prevention For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.
|
|||||
| CVE-2023-39158 | 1 Multidots | 1 Banner Management For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.
|
|||||
| CVE-2023-39156 | 1 Jenkins | 1 Bazaar | 2024-11-21 | N/A | 5.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.
|
|||||
| CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.
|
|||||
| CVE-2023-39061 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 3.5 LOW |
|
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 through v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.
|
|||||
| CVE-2023-38999 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
|
|||||
| CVE-2023-38885 | 1 Os4ed | 1 Opensis | 2024-11-21 | N/A | 8.8 HIGH |
|
OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.
|
|||||
| CVE-2023-38759 | 1 Wger | 1 Workout Manager | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.
|
|||||
| CVE-2023-38579 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-11-21 | N/A | 8.0 HIGH |
|
The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.
|
|||||
| CVE-2023-38512 | 1 Wpstream | 1 Wpstream | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions.
|
|||||
| CVE-2023-38398 | 1 Tablooa | 1 Tablooa | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions.
|
|||||
| CVE-2023-38396 | 1 Web-argument | 1 Google-map-shortcode | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.
|
|||||
| CVE-2023-38390 | 1 Anshullabs | 1 Mobile Address Bar Changer | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions.
|
|||||
| CVE-2023-38381 | 1 Wp-flybox Project | 1 Wp-flybox | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.
|
|||||
| CVE-2023-38349 | 1 Pnp4nagios | 1 Pnp4nagios | 2024-11-21 | N/A | 8.8 HIGH |
|
PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.
|
|||||
| CVE-2023-38348 | 1 Lw-systems | 1 Benno Mailarchiv | 2024-11-21 | N/A | 8.8 HIGH |
|
A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.
|
|||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.
|
|||||
| CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A | 8.1 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
|
|||||
| CVE-2023-38001 | 1 Ibm | 1 Aspera Orchestrator | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206.
|
|||||
| CVE-2023-37998 | 1 Saas | 1 Disabler | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery. This issue affects Disabler: from n/a through 3.0.3.
|
|||||
| CVE-2023-37996 | 1 Gtmetrix | 1 Gtmetrix | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.
|
|||||