Vulnerabilities (CVE)

Filtered by CWE-352
Total 3631 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-25064 1 Theaccessgroup 1 Corehr Core Portal 2022-06-15 6.8 MEDIUM 8.8 HIGH
A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2022-29441 2022-06-15 N/A N/A
Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages.
CVE-2022-29453 2022-06-15 N/A N/A
Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update.
CVE-2022-1577 1 Deliciousbrains 1 Database Backup 2022-06-15 5.8 MEDIUM 5.4 MEDIUM
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule
CVE-2022-1424 1 2code 1 Ask Me 2022-06-14 4.3 MEDIUM 6.5 MEDIUM
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
CVE-2022-1422 1 2code 1 Discy 2022-06-14 4.3 MEDIUM 6.5 MEDIUM
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.
CVE-2022-1421 1 2code 1 Discy 2022-06-14 4.3 MEDIUM 4.3 MEDIUM
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack
CVE-2020-36534 1 Easyiicms 1 Easyiicms 2022-06-14 4.3 MEDIUM 6.5 MEDIUM
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-43559 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-06-14 6.8 MEDIUM 8.8 HIGH
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
CVE-2018-1000195 2 Jenkins, Oracle 2 Jenkins, Communications Cloud Native Core Automated Test Suite 2022-06-13 4.3 MEDIUM 4.3 MEDIUM
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.
CVE-2019-10384 3 Jenkins, Oracle, Redhat 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform 2022-06-13 6.8 MEDIUM 8.8 HIGH
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
CVE-2022-0642 1 Jivochat 1 Jivochat 2022-06-13 3.5 LOW 5.4 MEDIUM
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.
CVE-2022-0141 1 Vfbpro 1 Visual Form Builder 2022-06-13 5.8 MEDIUM 8.1 HIGH
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks
CVE-2022-22361 1 Ibm 2 Business Automation Workflow, Business Process Manager 2022-06-10 4.3 MEDIUM 6.5 MEDIUM
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2020-20971 1 Pbootcms 1 Pbootcms 2022-06-10 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
CVE-2021-43941 1 Atlassian 2 Jira Data Center, Jira Server 2022-06-10 4.3 MEDIUM 6.5 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
CVE-2022-29735 1 Deltacontrols 2 Entelitouch, Entelitouch Firmware 2022-06-10 6.8 MEDIUM 8.8 HIGH
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2022-29647 1 Mingsoft 1 Mcms 2022-06-09 6.8 MEDIUM 8.8 HIGH
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
CVE-2021-36890 1 Supsystic 1 Social Share Buttons 2022-06-09 4.3 MEDIUM 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.
CVE-2021-44227 1 Gnu 1 Mailman 2022-06-09 6.8 MEDIUM 8.8 HIGH
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.