Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2023-01-14 CVE-2023-22852 Cross-Site Request Forgery (CSRF) vulnerability in Tiki
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
network
low complexity
tiki CWE-352
6.5
6.5
2023-01-12 CVE-2022-46367 Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
network
low complexity
maxum CWE-352
8.8
8.8
2023-01-12 CVE-2022-46368 Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
network
low complexity
maxum CWE-352
8.8
8.8
2023-01-09 CVE-2023-22472 Cross-Site Request Forgery (CSRF) vulnerability in Nextcloud Desktop 3.6.1
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-352
8.8
8.8
2023-01-05 CVE-2023-0088 Cross-Site Request Forgery (CSRF) vulnerability in Swifty Page Manager Project Swifty Page Manager 3.0.1
The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1.
network
low complexity
swifty-page-manager-project CWE-352
8.8
8.8
2022-12-31 CVE-2022-4867 Cross-Site Request Forgery (CSRF) vulnerability in Froxlor
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
network
low complexity
froxlor CWE-352
4.3
4.3
2022-12-27 CVE-2016-15005 Cross-Site Request Forgery (CSRF) vulnerability in Golf Project Golf 0.1.0/0.1.1/0.2.0
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.
network
low complexity
golf-project CWE-352
8.8
8.8
2022-12-26 CVE-2020-28191 Cross-Site Request Forgery (CSRF) vulnerability in Togglz
The console in Togglz before 2.9.4 allows CSRF.
network
low complexity
togglz CWE-352
8.8
8.8
2022-12-22 CVE-2022-46491 Cross-Site Request Forgery (CSRF) vulnerability in Nbnbk Project Nbnbk
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.
network
low complexity
nbnbk-project CWE-352
6.5
6.5
2022-12-22 CVE-2020-36625 Cross-Site Request Forgery (CSRF) vulnerability in Destiny Chat
A vulnerability was found in destiny.gg chat.
network
low complexity
destiny CWE-352
8.8
8.8