Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2023-52060 Cross-Site Request Forgery (CSRF) vulnerability in Gestsup
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
network
low complexity
gestsup CWE-352
4.3
2024-02-12 CVE-2023-6499 Cross-Site Request Forgery (CSRF) vulnerability in Calenfretts Lastunes
The lasTunes WordPress plugin through 3.6.1 does not have a CSRF check in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
calenfretts CWE-352
5.4
2024-02-12 CVE-2023-6501 Cross-Site Request Forgery (CSRF) vulnerability in Cochinoman Splashscreen
The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
cochinoman CWE-352
4.3
2024-02-11 CVE-2024-25417 Cross-Site Request Forgery (CSRF) vulnerability in Flusity 2.33
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.
network
low complexity
flusity CWE-352
8.8
2024-02-11 CVE-2024-25418 Cross-Site Request Forgery (CSRF) vulnerability in Flusity 2.33
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
network
low complexity
flusity CWE-352
8.8
2024-02-11 CVE-2024-25419 Cross-Site Request Forgery (CSRF) vulnerability in Flusity 2.33
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
network
low complexity
flusity CWE-352
8.8
2024-02-09 CVE-2023-50349 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Sametime 11.6/12.0
Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability.
network
low complexity
hcltech CWE-352
8.8
2024-02-09 CVE-2024-23319 Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server
Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost just by the message being viewed.
network
low complexity
mattermost CWE-352
3.5
2024-02-09 CVE-2024-24819 Cross-Site Request Forgery (CSRF) vulnerability in Icinga Icingaweb2-Module-Incubator
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries.
network
low complexity
icinga CWE-352
8.8
2024-02-09 CVE-2024-24820 Cross-Site Request Forgery (CSRF) vulnerability in Icinga
Icinga Director is a tool designed to make Icinga 2 configuration handling easy.
network
low complexity
icinga CWE-352
8.3