Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-11 | CVE-2020-24922 | Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.2.0 Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file. | 8.8 |
2023-08-09 | CVE-2023-38348 | Cross-Site Request Forgery (CSRF) vulnerability in Lw-Systems Benno Mailarchiv 2.10.1 A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. | 8.8 |
2023-08-09 | CVE-2023-38999 | Cross-Site Request Forgery (CSRF) vulnerability in Opnsense A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 6.5 |
2023-08-09 | CVE-2023-31452 | Cross-Site Request Forgery (CSRF) vulnerability in Paessler Prtg Network Monitor A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | 8.8 |
2023-08-08 | CVE-2023-38759 | Cross-Site Request Forgery (CSRF) vulnerability in Wger Workout Manager 2.2.0 Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | 8.8 |
2023-07-31 | CVE-2020-21881 | Cross-Site Request Forgery (CSRF) vulnerability in Duxcms Project Duxcms 2.1 Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add. | 6.5 |
2023-07-31 | CVE-2023-33534 | Cross-Site Request Forgery (CSRF) vulnerability in Sztozed ZLT S10G Firmware 3.11.6 A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to take over user accounts via sending a crafted POST request to /goform/goform_set_cmd_process. | 8.8 |
2023-07-26 | CVE-2023-3414 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Servicenow Devops A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. | 6.5 |
2023-07-26 | CVE-2022-43710 | Cross-Site Request Forgery (CSRF) vulnerability in Gxsoftware Xperiencentral Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | 8.8 |
2023-07-26 | CVE-2023-39153 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gitlab Authentication A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.4 |