Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2020-35675 Cross-Site Request Forgery (CSRF) vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups.
network
low complexity
bigprof CWE-352
8.8
8.8
2022-09-23 CVE-2022-40132 Cross-Site Request Forgery (CSRF) vulnerability in Castos Seriously Simple Podcasting
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
network
low complexity
castos CWE-352
4.3
4.3
2022-09-21 CVE-2022-41227 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.129/4.8.0.77
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-09-21 CVE-2022-41232 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build-Publisher
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.
network
low complexity
jenkins CWE-352
8.0
8.0
2022-09-21 CVE-2022-41236 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Security Inspector
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-09-21 CVE-2022-41245 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager
A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-09-21 CVE-2022-41249 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCM Httpclient
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-09-21 CVE-2022-41253 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cons3Rt 1.0.0
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-09-20 CVE-2022-23685 Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass Policy Manager
A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection.
network
low complexity
arubanetworks CWE-352
8.8
8.8
2022-09-20 CVE-2022-35196 Cross-Site Request Forgery (CSRF) vulnerability in Testlink 1.9.20
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
network
low complexity
testlink CWE-352
8.8
8.8