Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2021-36444 | Cross-Site Request Forgery (CSRF) vulnerability in Txjia Imcat 5.4 Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. | 8.8 |
| 2023-02-03 | CVE-2021-36569 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | 8.8 |
| 2023-02-03 | CVE-2021-36570 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | 8.8 |
| 2023-02-03 | CVE-2022-47130 | Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | 4.3 |
| 2023-02-03 | CVE-2022-47132 | Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | 8.8 |
| 2023-02-02 | CVE-2023-25015 | Cross-Site Request Forgery (CSRF) vulnerability in Clockwork web Project Clockwork web Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 |
| 2023-02-01 | CVE-2023-23750 | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.6. | 6.3 |
| 2023-02-01 | CVE-2023-20856 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vrealize Operations VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. | 8.8 |
| 2023-01-26 | CVE-2023-24423 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. | 6.5 |
| 2023-01-26 | CVE-2023-24428 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Oauth A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.7 |