Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-34797 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Deployment Dashboard
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34812 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34815 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Request Rename or Delete
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34817 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Failed JOB Deactivator
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-29 CVE-2017-20120 Cross-Site Request Forgery (CSRF) vulnerability in Trueconf Server 4.3.7.12219/4.3.7.12255
A vulnerability classified as problematic was found in TrueConf Server 4.3.7.
network
low complexity
trueconf CWE-352
8.8
8.8
2022-06-28 CVE-2022-31886 Cross-Site Request Forgery (CSRF) vulnerability in Marvalglobal Marval MSM 14.19.0.12476
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
marvalglobal CWE-352
6.5
6.5
2022-06-28 CVE-2022-34134 Cross-Site Request Forgery (CSRF) vulnerability in Jorani 1.0.0
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
network
low complexity
jorani CWE-352
8.8
8.8
2022-06-27 CVE-2022-1625 Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts NEW User Approve
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.
network
low complexity
wpexperts CWE-352
4.3
4.3
2022-06-27 CVE-2022-1842 Cross-Site Request Forgery (CSRF) vulnerability in Openbook Book Data Project Openbook Book Data
The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
network
low complexity
openbook-book-data-project CWE-352
4.3
4.3
2022-06-24 CVE-2022-33121 Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.11
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
network
low complexity
1234n CWE-352
8.1
8.1