Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2021-22954 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS: A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. | 8.8 |
2022-02-08 | CVE-2022-21703 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Grafana is an open-source platform for monitoring and observability. | 8.8 |
2022-02-08 | CVE-2021-45326 | Cross-Site Request Forgery (CSRF) vulnerability in Gitea: A Cross-Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests. | 8.8 |
2022-02-07 | CVE-2021-24843 | Cross-Site Request Forgery (CSRF) vulnerability in Supportcandy: The SupportCandy WordPress plugin before 2.2.7 does not have a CSRF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged-in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. | 6.5 |
2022-02-07 | CVE-2021-24879 | Cross-Site Request Forgery (CSRF) vulnerability in Supportcandy: The SupportCandy WordPress plugin before 2.2.7 does not have a CSRF check in the wpsc_tickets AJAX action, nor any sanitisation or escaping in some of the filter fields, which could allow attackers to make a logged-in user with access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it. | 8.8 |
2022-02-07 | CVE-2021-24993 | Cross-Site Request Forgery (CSRF) vulnerability in Etoilewebdesign Ultimate Product Catalog: The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and, for example, add arbitrary products or change the plugin's settings. | 6.5 |
2022-02-07 | CVE-2021-25108 | Cross-Site Request Forgery (CSRF) vulnerability in Ip2Location Country Blocker: The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have a CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. | 7.1 |
2022-02-04 | CVE-2020-7534 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products: A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. | 8.8 |
2022-02-04 | CVE-2021-32732 | Cross-Site Request Forgery (CSRF) vulnerability in Xwiki: It's possible to know whether or not a user has an account in a wiki related to an email address, and which username(s) are actually tied to that email, by forging a request to the Forgot username page. | 6.5 |
2022-02-04 | CVE-2021-46398 | Cross-Site Request Forgery (CSRF) vulnerability in Filebrowser: A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. | 8.8 |