Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-05 | CVE-2023-49398 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. | 8.8 |
2023-12-05 | CVE-2023-49446 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. | 8.8 |
2023-12-05 | CVE-2023-49447 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | 8.8 |
2023-12-05 | CVE-2023-49448 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | 8.8 |
2023-12-04 | CVE-2023-24048 | Cross-Site Request Forgery (CSRF) vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. | 8.8 |
2023-12-04 | CVE-2023-5884 | Cross-Site Request Forgery (CSRF) vulnerability in Back2Nature Word Balloon The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. | 6.5 |
2023-12-04 | CVE-2023-5979 | Cross-Site Request Forgery (CSRF) vulnerability in Implecode Ecommerce Product Catalog The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products | 6.5 |
2023-12-04 | CVE-2023-5990 | Cross-Site Request Forgery (CSRF) vulnerability in Funnelforms Free The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks | 6.5 |
2023-12-03 | CVE-2023-6474 | Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Nipah Virus Testing Management System 1.0 A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. | 6.5 |
2023-12-01 | CVE-2023-38268 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |