Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-11 | CVE-2023-28361 | Cross-Site Request Forgery (CSRF) vulnerability in UNI Unifi OS A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later. | 6.5 |
| 2023-05-11 | CVE-2023-2444 | Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. | 8.8 |
| 2023-05-10 | CVE-2023-27889 | Cross-Site Request Forgery (CSRF) vulnerability in LQD Liquid Speech Balloon Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page. | 8.8 |
| 2023-05-09 | CVE-2020-23363 | Cross-Site Request Forgery (CSRF) vulnerability in Verydows Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | 8.8 |
| 2023-05-08 | CVE-2020-18131 | Cross-Site Request Forgery (CSRF) vulnerability in Clanscripts Project Clanscripts 4.0 Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5. | 8.8 |
| 2023-05-08 | CVE-2020-22334 | Cross-Site Request Forgery (CSRF) vulnerability in Beescms 4.0 Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. | 6.5 |
| 2023-05-08 | CVE-2020-36065 | Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0 Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | 8.8 |
| 2023-05-03 | CVE-2023-1965 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. | 6.5 |
| 2023-04-28 | CVE-2023-29815 | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Mccms 2.6.3 mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 |
| 2023-04-26 | CVE-2023-2307 | Cross-Site Request Forgery (CSRF) vulnerability in Builder Qwik Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | 6.5 |