Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Attack vector | Complexity | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-12-05 | CVE-2023-49398 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. | jfinalcms-project | CWE-352 | network | low complexity | 8.8 |
| 2023-12-05 | CVE-2023-49446 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. | jfinalcms-project | CWE-352 | network | low complexity | 8.8 |
| 2023-12-05 | CVE-2023-49447 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | jfinalcms-project | CWE-352 | network | low complexity | 8.8 |
| 2023-12-05 | CVE-2023-49448 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | jfinalcms-project | CWE-352 | network | low complexity | 8.8 |
| 2023-12-04 | CVE-2023-24048 | Cross-Site Request Forgery (CSRF) vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 | Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. | connectize | CWE-352 | network | low complexity | 8.8 |
| 2023-12-04 | CVE-2023-5884 | Cross-Site Request Forgery (CSRF) vulnerability in Back2Nature Word Balloon | The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. | back2nature | CWE-352 | network | low complexity | 6.5 |
| 2023-12-04 | CVE-2023-5979 | Cross-Site Request Forgery (CSRF) vulnerability in Implecode Ecommerce Product Catalog | The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products | implecode | CWE-352 | network | low complexity | 6.5 |
| 2023-12-04 | CVE-2023-5990 | Cross-Site Request Forgery (CSRF) vulnerability in Funnelforms Free | The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks | funnelforms | CWE-352 | network | low complexity | 6.5 |
| 2023-12-03 | CVE-2023-6474 | Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Nipah Virus Testing Management System 1.0 | A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. | phpgurukul | CWE-352 | network | low complexity | 6.5 |
| 2023-12-01 | CVE-2023-38268 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7.1 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ibm | CWE-352 | network | low complexity | 8.8 |