Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-09 | CVE-2023-31452 | Cross-Site Request Forgery (CSRF) vulnerability in Paessler Prtg Network Monitor. A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | 8.8 |
2023-08-08 | CVE-2023-38759 | Cross-Site Request Forgery (CSRF) vulnerability in Wger Workout Manager 2.2.0. Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | 8.8 |
2023-07-31 | CVE-2020-21881 | Cross-Site Request Forgery (CSRF) vulnerability in Duxcms Project Duxcms 2.1. Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add. | 6.5 |
2023-07-31 | CVE-2023-33534 | Cross-Site Request Forgery (CSRF) vulnerability in Sztozed ZLT S10G Firmware 3.11.6. A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to take over user accounts by sending a crafted POST request to /goform/goform_set_cmd_process. | 8.8 |
2023-07-26 | CVE-2023-3414 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Servicenow Devops. A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. | 6.5 |
2023-07-26 | CVE-2022-43710 | Cross-Site Request Forgery (CSRF) vulnerability in Gxsoftware Xperiencentral. Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | 8.8 |
2023-07-26 | CVE-2023-39153 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gitlab Authentication. A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.4 |
2023-07-26 | CVE-2023-39156 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bazaar. A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. | 5.3 |
2023-07-24 | CVE-2022-30280 | Cross-Site Request Forgery (CSRF) vulnerability in Nokia Netact 22.0.0.62. /SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. | 8.8 |
2023-07-21 | CVE-2023-32625 | Cross-Site Request Forgery (CSRF) vulnerability in Sakura TS Webfonts. Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page. | 4.3 |