Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37411 | 1 Captcha Code Project | 1 Captcha Code | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.
|
|||||
| CVE-2022-37405 | 1 Better Font Awesome Project | 1 Better Font Awesome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.
|
|||||
| CVE-2022-37043 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 5.7 MEDIUM |
|
An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.
|
|||||
| CVE-2022-36968 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-21 | N/A | 4.3 MEDIUM |
|
In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.
|
|||||
| CVE-2022-36920 | 1 Jenkins | 1 Coverity | 2024-11-21 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
|
|||||
| CVE-2022-36916 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | N/A | 8.0 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup.
|
|||||
| CVE-2022-36911 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.
|
|||||
| CVE-2022-36908 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.
|
|||||
| CVE-2022-36906 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
|
|||||
| CVE-2022-36887 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.
|
|||||
| CVE-2022-36886 | 1 Jenkins | 1 External Monitor Job Type | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.
|
|||||
| CVE-2022-36882 | 1 Jenkins | 1 Git | 2024-11-21 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
|
|||||
| CVE-2022-36798 | 1 Topdigitaltrends | 1 Mega Addons For Wpbakery Page Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.
|
|||||
| CVE-2022-36796 | 1 Callrail | 1 Callrail Phone Call Tracking | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.
|
|||||
| CVE-2022-36579 | 1 Wellcms | 1 Wellcms | 2024-11-21 | N/A | 8.8 HIGH |
|
Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).
|
|||||
| CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin.
|
|||||
| CVE-2022-36417 | 1 3d Tag Cloud Project | 1 3d Tag Cloud | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.
|
|||||
| CVE-2022-36404 | 1 Coleds | 1 Simple Seo | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
|
|||||
| CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions.
|
|||||
| CVE-2022-36389 | 1 Wordplus | 1 Better Messages | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.
|
|||||
| CVE-2022-36388 | 1 Ydesignservices | 1 Yds Support Ticket System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.
|
|||||
| CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress.
|
|||||
| CVE-2022-36373 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress.
|
|||||
| CVE-2022-36358 | 1 Seoscout | 1 Seo Scout | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings.
|
|||||
| CVE-2022-36346 | 1 Maxfoundry | 1 Maxbuttons | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.
|
|||||
| CVE-2022-36345 | 1 Metagauss | 1 Download Plugin | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.
|
|||||
| CVE-2022-36312 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
|
|||||
| CVE-2022-36292 | 1 Wpchill | 1 Gallery Photoblocks | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
|
|||||
| CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 8.8 HIGH |
|
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
|
|||||
| CVE-2022-36224 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 8.8 HIGH |
|
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).
|
|||||
| CVE-2022-36095 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.3 MEDIUM |
|
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.
|
|||||
| CVE-2022-36076 | 1 Nodebb | 1 Nodebb | 2024-11-21 | N/A | 8.8 HIGH |
|
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. T ...
|
|||||
| CVE-2022-35943 | 1 Codeigniter | 2 Codeigniter, Shield | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/ ...
|
|||||
| CVE-2022-35730 | 1 Oceanwp | 1 Sticky Header | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.
|
|||||
| CVE-2022-35656 | 1 Pega | 1 Pega Platform | 2024-11-21 | N/A | 4.5 MEDIUM |
|
Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.
|
|||||
| CVE-2022-35638 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.
|
|||||
| CVE-2022-35286 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | N/A | 8.8 HIGH |
|
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.
|
|||||
| CVE-2022-35285 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | N/A | 8.8 HIGH |
|
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
|
|||||
| CVE-2022-35277 | 1 Getresponse | 1 Getresponse | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress.
|
|||||
| CVE-2022-35228 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.
|
|||||