Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2023-02-11 CVE-2022-34448 Cross-Site Request Forgery (CSRF) vulnerability in Dell Powerpath Management Appliance
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability.
network
low complexity
dell CWE-352
8.8
8.8
2023-02-10 CVE-2022-3568 Cross-Site Request Forgery (CSRF) vulnerability in Orangelab Imagemagick Engine
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5.
network
low complexity
orangelab CWE-352
8.8
8.8
2023-02-03 CVE-2021-36443 Cross-Site Request Forgery (CSRF) vulnerability in Txjia Imcat 5.4
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
network
low complexity
txjia CWE-352
8.8
8.8
2023-02-03 CVE-2021-36444 Cross-Site Request Forgery (CSRF) vulnerability in Txjia Imcat 5.4
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.
network
low complexity
txjia CWE-352
8.8
8.8
2023-02-03 CVE-2021-36569 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
network
low complexity
thedaylightstudio CWE-352
8.8
8.8
2023-02-03 CVE-2021-36570 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
network
low complexity
thedaylightstudio CWE-352
8.8
8.8
2023-02-03 CVE-2022-47130 Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
network
low complexity
creativeitem CWE-352
4.3
4.3
2023-02-03 CVE-2022-47132 Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
network
low complexity
creativeitem CWE-352
8.8
8.8
2023-02-02 CVE-2023-25015 Cross-Site Request Forgery (CSRF) vulnerability in Clockwork web Project Clockwork web
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.
network
low complexity
clockwork-web-project CWE-352
6.5
6.5
2023-02-01 CVE-2023-23750 Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla!
An issue was discovered in Joomla! 4.0.0 through 4.2.6.
network
low complexity
joomla CWE-352
6.3
6.3