Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE | CVE | VULNERABILITY TITLE | RISK

2023-08-30 | CVE-2023-3356 | Cross-Site Request Forgery (CSRF) vulnerability in Kreci Subscribers Text Counter
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping.
network | low complexity | kreci | CWE-352 | 4.3

2023-08-28 | CVE-2023-23473 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network | low complexity | ibm | CWE-352 | 8.8

2023-08-21 | CVE-2023-4301 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Fortify
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network | low complexity | jenkins | CWE-352 | 5.4

2023-08-21 | CVE-2023-39061 | Cross-Site Request Forgery (CSRF) vulnerability in Chamilo
Cross-Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 through v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.
network | low complexity | chamilo | CWE-352 | 3.5

2023-08-16 | CVE-2023-20221 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network | low complexity | cisco | CWE-352 | 6.5

2023-08-16 | CVE-2023-40336 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Folders
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
network | low complexity | jenkins | CWE-352 | 8.8

2023-08-16 | CVE-2023-40337 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Folders
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
network | low complexity | jenkins | CWE-352 | 4.3

2023-08-16 | CVE-2023-40341 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
network | low complexity | jenkins | CWE-352 | 8.8

2023-08-16 | CVE-2023-40351 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite View
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
network | low complexity | jenkins | CWE-352 | 4.3

2023-08-11 | CVE-2020-23595 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6
Cross-Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint.
network | low complexity | yzmcms | CWE-352 | 8.8