Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-01 | CVE-2021-20468 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-09-01 | CVE-2021-29823 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-08-26 | CVE-2022-36546 | Cross-Site Request Forgery (CSRF) vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | 8.8 |
| 2022-08-26 | CVE-2022-31773 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway 10.0.2.0 IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-08-26 | CVE-2021-39394 | Cross-Site Request Forgery (CSRF) vulnerability in Mm-Wiki Project Mm-Wiki 0.2.1 mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. | 6.5 |
| 2022-08-24 | CVE-2018-14519 | Cross-Site Request Forgery (CSRF) vulnerability in Getkirby Kirby 2.5.12 An issue was discovered in Kirby 2.5.12. | 4.3 |
| 2022-08-23 | CVE-2022-36379 | Cross-Site Request Forgery (CSRF) vulnerability in Yookassa Yukassa for Woocommerce Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | 8.8 |
| 2022-08-22 | CVE-2022-1251 | Cross-Site Request Forgery (CSRF) vulnerability in Inkthemes ASK ME The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request. | 4.3 |
| 2022-08-22 | CVE-2022-2312 | Cross-Site Request Forgery (CSRF) vulnerability in Student Result or Employee Database Project Student Result or Employee Database The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. | 5.4 |
| 2022-08-22 | CVE-2022-35656 | Cross-Site Request Forgery (CSRF) vulnerability in Pega Platform Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | 4.5 |