Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3022 | 1 Itd-inc | 1 Bingo\!cms | 2024-02-08 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors. | |||||
| CVE-2005-1674 | 1 Helpcenterlive | 1 Help Center Live | 2024-02-08 | 7.5 HIGH | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. | |||||
| CVE-2004-1842 | 1 Phpnuke | 1 Php-nuke | 2024-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. | |||||
| CVE-2004-1995 | 1 Fusetalk | 1 Fusetalk | 2024-02-08 | 7.5 HIGH | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. | |||||
| CVE-2004-1703 | 1 Fusionphp | 1 Fusion News | 2024-02-08 | 7.5 HIGH | 8.8 HIGH |
| Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag. | |||||
| CVE-2004-1967 | 1 Openbb | 1 Openbb | 2024-02-08 | 7.5 HIGH | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | |||||
| CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2024-02-08 | 5.0 MEDIUM | 6.5 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | |||||
| CVE-2005-1947 | 1 Invisioncommunity | 1 Gallery | 2024-02-08 | 5.0 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | |||||
| CVE-2023-20221 | 1 Cisco | 46 Ip Conference Phone 7832, Ip Conference Phone 7832 With Multiplatform Firmware, Ip Conference Phone 8831 and 43 more | 2024-02-08 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition. | |||||
| CVE-2023-20180 | 1 Cisco | 1 Webex Meetings | 2024-02-08 | N/A | 4.3 MEDIUM |
| A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions. | |||||
| CVE-2024-1162 | 1 Themeisle | 1 Orbit Fox | 2024-02-08 | N/A | 4.3 MEDIUM |
| The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-24468 | 1 Flusity | 1 Flusity | 2024-02-07 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. | |||||
| CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-02-07 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | |||||
| CVE-2024-24470 | 1 Flusity | 1 Flusity | 2024-02-06 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | |||||
| CVE-2023-6676 | 1 Nationalkeep | 1 Cybermath | 2024-02-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery.This issue affects CyberMath: from v1.4 before v1.5. | |||||
| CVE-2023-47781 | 1 Thrivethemes | 1 Thrive Themes Builder | 2024-02-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 versions. | |||||
| CVE-2024-22136 | 1 Droitthemes | 1 Droit Elementor Addons | 2024-02-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5. | |||||
| CVE-2023-51813 | 1 Free And Open Source Inventory Management System Project | 1 Free And Open Source Inventory Management System | 2024-02-05 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. | |||||
| CVE-2024-22643 | 1 Seopanel | 1 Seo Panel | 2024-02-03 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | |||||
| CVE-2023-6390 | 1 Jonathonkemp | 1 Wordpress Users | 2024-02-03 | N/A | 8.8 HIGH |
| The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||