Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42603 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
|
|||||
| CVE-2024-42605 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
|
|||||
| CVE-2024-42606 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1
|
|||||
| CVE-2024-42607 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
|
|||||
| CVE-2024-42609 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
|
|||||
| CVE-2024-42610 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
|
|||||
| CVE-2024-42611 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete
|
|||||
| CVE-2024-42613 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
|
|||||
| CVE-2024-42617 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
|
|||||
| CVE-2024-42618 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
|
|||||
| CVE-2024-42621 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
|
|||||
| CVE-2024-7850 | 2024-08-20 | N/A | 6.1 MEDIUM | ||
|
The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-7645 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-08-19 | 5.0 MEDIUM | 5.4 MEDIUM |
|
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file users.php of the component User Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-7422 | 2024-08-19 | N/A | 4.3 MEDIUM | ||
|
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that this only affects multi-site instances.
|
|||||
| CVE-2024-7501 | 2024-08-19 | N/A | 4.2 MEDIUM | ||
|
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attackers to download arbitrary themes from the website via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. In versions prior to 1.8.6 it w ...
Show More |
|||||
| CVE-2024-42476 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. When this project is compiled with certain compiler flags set, it is possible that the `state` parameter will not be checked at all, creating a CSRF vulnerability. Version 0.11 checks the `state` parame ...
Show More |
|||||
| CVE-2023-1604 | 2024-08-19 | N/A | 4.7 MEDIUM | ||
|
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import redirects, including comments containing cross-site scripting as detailed in CVE-2023-1602, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-42475 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected resources. While `state` isn't exactly a cryptographic value, it should be generated in a cryptographically secure way. `generateState` should be using a CSPRNG. Version 0.11 modifies the `generateState ...
Show More |
|||||
| CVE-2024-7662 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 5.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. This vulnerability affects the function save_package of the file admin/packages/manag_package.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-7661 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 5.0 MEDIUM | 8.8 HIGH |
|
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-42628 | 1 Frogcms Project | 1 Frogcms | 2024-08-15 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3.
|
|||||
| CVE-2024-42624 | 1 Frogcms Project | 1 Frogcms | 2024-08-15 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10.
|
|||||
| CVE-2024-40476 | 1 Mayurik | 1 Best House Rental Management | 2024-08-15 | N/A | 8.0 HIGH |
|
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant.
|
|||||
| CVE-2024-42623 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1
|
|||||
| CVE-2024-42631 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1.
|
|||||
| CVE-2024-42627 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3.
|
|||||
| CVE-2024-42625 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add
|
|||||
| CVE-2024-42629 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10.
|
|||||
| CVE-2024-42632 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.
|
|||||
| CVE-2024-42630 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.
|
|||||
| CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.
|
|||||
| CVE-2024-38724 | 2024-08-13 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.
|
|||||
| CVE-2024-32863 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | N/A | 8.8 HIGH |
|
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
|
|||||
| CVE-2024-7360 | 1 Oretnom23 | 1 Tracking Monitoring Management System | 2024-08-09 | 5.0 MEDIUM | 8.8 HIGH |
|
A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273339.
|
|||||
| CVE-2024-7367 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-09 | 5.0 MEDIUM | 8.8 HIGH |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273351.
|
|||||
| CVE-2024-7460 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-06 | 5.0 MEDIUM | 8.8 HIGH |
|
A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273553 was assigned to this vulnerability.
|
|||||
| CVE-2024-7459 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-06 | 5.0 MEDIUM | 8.8 HIGH |
|
A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552.
|
|||||
| CVE-2024-41811 | 2024-08-06 | N/A | 3.9 LOW | ||
|
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
|
|||||
| CVE-2024-3238 | 2024-08-02 | N/A | 8.8 HIGH | ||
|
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please not the CSRF was patched in 5.0.28 ...
Show More |
|||||
| CVE-2024-38776 | 2024-08-02 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).This issue affects WP GoToWebinar: from n/a through 15.7.
|
|||||