Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-29 | CVE-2022-29903 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. | 4.3 |
| 2022-04-29 | CVE-2022-29905 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | 4.3 |
| 2022-04-28 | CVE-2022-29555 | Cross-Site Request Forgery (CSRF) vulnerability in Northern.Tech Mender The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. | 8.8 |
| 2022-04-28 | CVE-2022-28892 | Cross-Site Request Forgery (CSRF) vulnerability in Mahara Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | 8.8 |
| 2022-04-28 | CVE-2022-24879 | Cross-Site Request Forgery (CSRF) vulnerability in Shopware Shopware is an open source e-commerce software platform. | 7.5 |
| 2022-04-25 | CVE-2022-27374 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | 6.5 |
| 2022-04-25 | CVE-2022-27375 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. | 6.5 |
| 2022-04-22 | CVE-2022-27340 | Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7 MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. | 8.8 |
| 2022-04-22 | CVE-2021-38886 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-04-21 | CVE-2022-20787 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. | 6.8 |