Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2021-4030 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg6816 Firmware and Nbg6817 Firmware
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts.
network
low complexity
zyxel CWE-352
8.8
8.8
2022-02-24 CVE-2022-21179 Cross-Site Request Forgery (CSRF) vulnerability in Ec-Cube E-Mail Newsletter Management
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly.
network
low complexity
ec-cube CWE-352
4.3
4.3
2022-02-21 CVE-2022-23983 Cross-Site Request Forgery (CSRF) vulnerability in Wp-Buy WP Content Copy Protection & NO Right Click
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
network
low complexity
wp-buy CWE-352
8.8
8.8
2022-02-21 CVE-2022-25599 Cross-Site Request Forgery (CSRF) vulnerability in Spiffyplugins Spiffy Calendar
Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).
network
low complexity
spiffyplugins CWE-352
4.3
4.3
2022-02-20 CVE-2021-45007 Cross-Site Request Forgery (CSRF) vulnerability in Plesk 18.0.37
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel.
network
low complexity
plesk CWE-352
6.5
6.5
2022-02-16 CVE-2022-25241 Cross-Site Request Forgery (CSRF) vulnerability in Filecloud
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).
network
low complexity
filecloud CWE-352
8.8
8.8
2022-02-16 CVE-2022-25242 Cross-Site Request Forgery (CSRF) vulnerability in Filecloud
In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).
network
low complexity
filecloud CWE-352
8.8
8.8
2022-02-15 CVE-2021-46252 Cross-Site Request Forgery (CSRF) vulnerability in Scratch-Wiki Scratch Confirmaccount V3
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses.
network
low complexity
scratch-wiki CWE-352
6.5
6.5
2022-02-15 CVE-2022-25192 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Snow Commander
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25194 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Autonomiq
A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8