Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2024-4597 Cross-Site Request Forgery (CSRF) vulnerability in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2.
network
low complexity
gitlab CWE-352
6.5
2024-03-02 CVE-2023-6326 Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3.
network
low complexity
averta CWE-352
4.3
2024-02-29 CVE-2023-48651 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS 9 before 9.2.3 is vulnerable to Cross-Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
network
low complexity
concretecms CWE-352
4.3
2024-02-29 CVE-2023-48653 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross-Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit.
network
low complexity
concretecms CWE-352
4.3
2024-02-28 CVE-2024-1943 Cross-Site Request Forgery (CSRF) vulnerability in Wpmoose Yuki
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14.
network
low complexity
wpmoose CWE-352
4.3
2024-02-20 CVE-2023-47635 Cross-Site Request Forgery (CSRF) vulnerability in Decidim
Decidim is a participatory democracy framework.
network
low complexity
decidim CWE-352
5.7
2024-02-14 CVE-2024-23785 Cross-Site Request Forgery (CSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
network
low complexity
sharp CWE-352
6.5
2024-02-13 CVE-2023-52431 Cross-Site Request Forgery (CSRF) vulnerability in Plack::Middleware::Xsrfblock Project Plack::Middleware::Xsrfblock
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).
network
low complexity
plack CWE-352
8.8
2024-02-13 CVE-2023-52060 Cross-Site Request Forgery (CSRF) vulnerability in Gestsup
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
network
low complexity
gestsup CWE-352
4.3
2024-02-12 CVE-2023-6499 Cross-Site Request Forgery (CSRF) vulnerability in Calenfretts Lastunes
The lasTunes WordPress plugin through 3.6.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
calenfretts CWE-352
5.4