Total: 4854 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-35793 | 1 Cassianetworks | 1 Access Controller | 2023-09-28 | N/A | 8.8 HIGH | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. |
CVE-2023-41452 | 1 Phpkobo | 1 Ajaxnewsticker | 2023-09-28 | N/A | 8.8 HIGH | Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. |
CVE-2023-44161 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-09-28 | N/A | 6.5 MEDIUM | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
CVE-2023-44160 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-09-28 | N/A | 6.5 MEDIUM | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
CVE-2023-40048 | 1 Progress | 1 Ws Ftp Server | 2023-09-27 | N/A | 6.5 MEDIUM | In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. |
CVE-2023-3547 | 1 All In One B2b For Woocommerce Project | 1 All In One B2b For Woocommerce | 2023-09-26 | N/A | 8.8 HIGH | The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. |
CVE-2023-43278 | 1 Seacms | 1 Seacms | 2023-09-26 | N/A | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. |
CVE-2023-4916 | 1 Login With Phone Number Project | 1 Login With Phone Number | 2023-09-25 | N/A | 8.8 HIGH | The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change a user's password via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
CVE-2023-42321 | 1 Icmsdev | 1 Icms | 2023-09-22 | N/A | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. |
CVE-2023-43502 | 1 Jenkins | 1 Build Failure Analyzer | 2023-09-22 | N/A | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. |
CVE-2023-43500 | 1 Jenkins | 1 Build Failure Analyzer | 2023-09-22 | N/A | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using an attacker-specified username and password. |
CVE-2023-2508 | 2 Apple, Papercut | 2 Macos, Mobility Print Server | 2023-09-22 | N/A | 6.5 MEDIUM | The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client's host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, such as anti-CSRF tokens, Origin header validation, SameSite cookies, etc. |
CVE-2022-47559 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2023-09-21 | N/A | 8.8 HIGH | ** UNSUPPORTED WHEN ASSIGNED ** Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. |
CVE-2023-39446 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2023-09-21 | N/A | 8.8 HIGH | ** UNSUPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application. |
CVE-2023-4959 | 1 Redhat | 1 Quay | 2023-09-20 | N/A | 6.5 MEDIUM | A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim's browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). |
CVE-2023-42270 | 1 Grocy Project | 1 Grocy | 2023-09-20 | N/A | 8.8 HIGH | Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). |
CVE-2023-40868 | 1 Moosocial | 1 Moosocial | 2023-09-19 | N/A | 8.8 HIGH | Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. |
CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2023-09-19 | N/A | 4.3 MEDIUM | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. |
CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2023-09-19 | N/A | 4.3 MEDIUM | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. |
CVE-2023-4307 | 1 Teknigar | 1 Lock User Account | 2023-09-19 | N/A | 4.3 MEDIUM | The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack. |