Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-25523 Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.
network
low complexity
typesettercms CWE-352
8.8
8.8
2022-03-24 CVE-2022-25576 Cross-Site Request Forgery (CSRF) vulnerability in Anchorcms Anchor CMS 0.12.7
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php.
network
low complexity
anchorcms CWE-352
4.5
4.5
2022-03-23 CVE-2022-25268 Cross-Site Request Forgery (CSRF) vulnerability in Passwork
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
network
low complexity
passwork CWE-352
8.8
8.8
2022-03-23 CVE-2022-25608 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider YOO Slider
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action.
network
low complexity
yooslider CWE-352
5.4
5.4
2022-03-23 CVE-2021-43737 Cross-Site Request Forgery (CSRF) vulnerability in Xiaohuanxiong Project Xiaohuanxiong CMS 5.0.17
An issus was discovered in xiaohuanxiong CMS 5.0.17.
network
low complexity
xiaohuanxiong-project CWE-352
6.5
6.5
2022-03-23 CVE-2021-43738 Cross-Site Request Forgery (CSRF) vulnerability in Xiaohuanxiong CMS Project Xiaohuanxiong CMS 5.0.17
An issue was discovered in xiaohuanxiong CMS 5.0.17.
network
low complexity
xiaohuanxiong-cms-project CWE-352
8.8
8.8
2022-03-21 CVE-2021-40662 Cross-Site Request Forgery (CSRF) vulnerability in Chamilo 1.11.14
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
network
low complexity
chamilo CWE-352
8.8
8.8
2022-03-21 CVE-2022-23349 Cross-Site Request Forgery (CSRF) vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
network
low complexity
bigantsoft CWE-352
8.8
8.8
2022-03-21 CVE-2021-24905 Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Advanced CF7 DB
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server.
network
low complexity
vsourz CWE-352
8.0
8.0
2022-03-21 CVE-2022-0515 Cross-Site Request Forgery (CSRF) vulnerability in Craterapp Crater
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
network
low complexity
craterapp CWE-352
4.3
4.3