Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2023-24452 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Testquality Updater 1.1/1.3 A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | 8.8 |
| 2023-01-26 | CVE-2023-24457 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Keycloak Authentication 2.3.0 A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. | 6.5 |
| 2023-01-26 | CVE-2023-24458 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bearychat A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 |
| 2023-01-23 | CVE-2022-37719 | Cross-Site Request Forgery (CSRF) vulnerability in Edgenexus Application Delivery Controller 4.2.8 A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | 8.8 |
| 2023-01-23 | CVE-2022-4548 | Cross-Site Request Forgery (CSRF) vulnerability in Imageseo Optimize Images ALT Text (Alt Tag) & Names for SEO Using AI The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 6.5 |
| 2023-01-18 | CVE-2022-45127 | Cross-Site Request Forgery (CSRF) vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. | 8.1 |
| 2023-01-17 | CVE-2023-22286 | Cross-Site Request Forgery (CSRF) vulnerability in Ate-Mahoroba products Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | 8.1 |
| 2023-01-14 | CVE-2023-22852 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | 6.5 |
| 2023-01-12 | CVE-2022-46367 | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | 8.8 |
| 2023-01-12 | CVE-2022-46368 | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | 8.8 |