Total
8544 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40048 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | 6.8 Medium |
| In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. | ||||
| CVE-2023-40009 | 1 Thimpress | 1 Wp Pipes | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | ||||
| CVE-2023-40008 | 1 Webtechforce | 1 Simple Org Chart | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | ||||
| CVE-2023-3841 | 1 Nxfilter | 1 Nxfilter | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3627 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. | ||||
| CVE-2023-3589 | 3 3ds, Dassault, Dassult | 5 Teamwork Cloud No Magic Release, Teamwork Cloud Enterprise Edition, Teamwork Cloud Standard Edition and 2 more | 2024-11-21 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. | ||||
| CVE-2023-3579 | 1 Hadsky | 1 Hadsky | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372. | ||||
| CVE-2023-3414 | 1 Jenkins | 1 Servicenow Devops | 2024-11-21 | 6.1 Medium |
| A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | ||||
| CVE-2023-3356 | 1 Kreci | 1 Subscribers Text Counter | 2024-11-21 | 4.3 Medium |
| The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | ||||
| CVE-2023-39989 | 1 Draftpress | 1 Header Footer Code Manager | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. | ||||
| CVE-2023-39925 | 1 Peepso | 1 Peepso | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions. | ||||
| CVE-2023-39923 | 1 Radiustheme | 1 The Post Grid | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. | ||||
| CVE-2023-39917 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | ||||
| CVE-2023-39446 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-11-21 | 8.9 High |
| Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application. | ||||
| CVE-2023-39412 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 5.4 Medium |
| Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2023-39372 | 1 Startrinity | 1 Softswitch | 2024-11-21 | 8.1 High |
| StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352) | ||||
| CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | ||||
| CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | ||||
| CVE-2023-39166 | 1 Tagdiv | 1 Tagdiv Composer | 2024-11-21 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4. | ||||
| CVE-2023-39165 | 1 Fetchdesigns | 1 Sign-up Sheets | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. | ||||