Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-16 | CVE-2023-32989 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure VM Agents A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. | 8.8 |
2023-05-15 | CVE-2023-0763 | Cross-Site Request Forgery (CSRF) vulnerability in Infigosoftware Clock in Portal- Staff & Attendance Management The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack | 4.3 |
2023-05-11 | CVE-2023-28361 | Cross-Site Request Forgery (CSRF) vulnerability in UNI Unifi OS A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later. | 6.5 |
2023-05-11 | CVE-2023-2444 | Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. | 8.8 |
2023-05-10 | CVE-2023-27889 | Cross-Site Request Forgery (CSRF) vulnerability in LQD Liquid Speech Balloon Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page. | 8.8 |
2023-05-09 | CVE-2020-23363 | Cross-Site Request Forgery (CSRF) vulnerability in Verydows Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | 8.8 |
2023-05-08 | CVE-2020-18131 | Cross-Site Request Forgery (CSRF) vulnerability in Clanscripts Project Clanscripts 4.0 Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5. | 8.8 |
2023-05-08 | CVE-2020-22334 | Cross-Site Request Forgery (CSRF) vulnerability in Beescms 4.0 Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. | 6.5 |
2023-05-08 | CVE-2020-36065 | Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0 Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | 8.8 |
2023-05-03 | CVE-2023-1965 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. | 6.5 |