Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-04-28 | CVE-2022-29555 | Cross-Site Request Forgery (CSRF) vulnerability in Northern.Tech Mender | The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. | network | low | northern-tech | CWE-352 | 8.8 |
| 2022-04-28 | CVE-2022-28892 | Cross-Site Request Forgery (CSRF) vulnerability in Mahara | Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | network | low | mahara | CWE-352 | 8.8 |
| 2022-04-28 | CVE-2022-24879 | Cross-Site Request Forgery (CSRF) vulnerability in Shopware | Shopware is an open source e-commerce software platform. | network | low | shopware | CWE-352 | 7.5 |
| 2022-04-25 | CVE-2022-27374 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | network | low | tenda | CWE-352 | 6.5 |
| 2022-04-25 | CVE-2022-27375 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. | network | low | tenda | CWE-352 | 6.5 |
| 2022-04-22 | CVE-2022-27340 | Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7 | MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. | network | low | mingsoft | CWE-352 | 8.8 |
| 2022-04-22 | CVE-2021-38886 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low | ibm netapp | CWE-352 | 8.8 |
| 2022-04-21 | CVE-2022-20787 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. | network | low | cisco | CWE-352 | 6.8 |
| 2022-04-20 | CVE-2022-27629 | Cross-Site Request Forgery (CSRF) vulnerability in Videowhisper Micropayments | Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors. | network | low | videowhisper | CWE-352 | 8.8 |
| 2022-04-19 | CVE-2021-4096 | Cross-Site Request Forgery (CSRF) vulnerability in Radykal Fancy Product Designer | The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | network | low | radykal | CWE-352 | 8.8 |