Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-17 | CVE-2023-22286 | Cross-Site Request Forgery (CSRF) vulnerability in Ate-Mahoroba products Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | 8.1 |
| 2023-01-14 | CVE-2023-22852 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | 6.5 |
| 2023-01-12 | CVE-2022-46367 | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | 8.8 |
| 2023-01-12 | CVE-2022-46368 | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | 8.8 |
| 2023-01-09 | CVE-2023-22472 | Cross-Site Request Forgery (CSRF) vulnerability in Nextcloud Desktop 3.6.1 Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 8.8 |
| 2023-01-05 | CVE-2023-0088 | Cross-Site Request Forgery (CSRF) vulnerability in Swifty Page Manager Project Swifty Page Manager 3.0.1 The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. | 8.8 |
| 2022-12-31 | CVE-2022-4867 | Cross-Site Request Forgery (CSRF) vulnerability in Froxlor Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 4.3 |
| 2022-12-27 | CVE-2016-15005 | Cross-Site Request Forgery (CSRF) vulnerability in Golf Project Golf 0.1.0/0.1.1/0.2.0 CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests. | 8.8 |
| 2022-12-26 | CVE-2020-28191 | Cross-Site Request Forgery (CSRF) vulnerability in Togglz The console in Togglz before 2.9.4 allows CSRF. | 8.8 |
| 2022-12-22 | CVE-2022-46491 | Cross-Site Request Forgery (CSRF) vulnerability in Nbnbk Project Nbnbk A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts. | 6.5 |