Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-32989 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure VM Agents
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
network
low complexity
jenkins CWE-352
8.8
2023-05-15 CVE-2023-0763 Cross-Site Request Forgery (CSRF) vulnerability in Infigosoftware Clock in Portal- Staff & Attendance Management
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting Holidays, which could allow attackers to make logged-in admins delete arbitrary holidays via a CSRF attack.
network
low complexity
infigosoftware CWE-352
4.3
2023-05-11 CVE-2023-28361 Cross-Site Request Forgery (CSRF) vulnerability in UNI Unifi OS
A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage. Affected Products: Cloud Key Gen2, Cloud Key Gen2 Plus, UNVR, UNVR Professional, UDM, UDM Professional, UDM SE, UDR. Mitigation: Update affected products to UniFi OS 3.0.13 or later.
network
low complexity
uni CWE-352
6.5
2023-05-11 CVE-2023-2444 Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint.
network
low complexity
rockwellautomation CWE-352
8.8
2023-05-10 CVE-2023-27889 Cross-Site Request Forgery (CSRF) vulnerability in LQD Liquid Speech Balloon
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.
network
low complexity
lqd CWE-352
8.8
2023-05-09 CVE-2020-23363 Cross-Site Request Forgery (CSRF) vulnerability in Verydows
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.
network
low complexity
verydows CWE-352
8.8
2023-05-08 CVE-2020-18131 Cross-Site Request Forgery (CSRF) vulnerability in Clanscripts Project Clanscripts 4.0
Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escalate privileges to an arbitrary account via a crafted request to /members/console.php?cID=5.
network
low complexity
clanscripts-project CWE-352
8.8
2023-05-08 CVE-2020-22334 Cross-Site Request Forgery (CSRF) vulnerability in Beescms 4.0
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via a crafted request to /admin/admin_admin.php.
network
low complexity
beescms CWE-352
6.5
2023-05-08 CVE-2020-36065 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
network
low complexity
flycms-project CWE-352
8.8
2023-05-03 CVE-2023-1965 Cross-Site Request Forgery (CSRF) vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1.
network
low complexity
gitlab CWE-352
6.5