Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-10-13 CVE-2022-34020 Cross-Site Request Forgery (CSRF) vulnerability in Resiot IOT Platform and Lorawan Network Server
Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts.
network
low complexity
resiot CWE-352
8.8
2022-10-12 CVE-2022-42077 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
network
low complexity
tenda CWE-352
6.5
2022-10-12 CVE-2022-42078 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
network
low complexity
tenda CWE-352
6.5
2022-10-12 CVE-2022-42086 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
network
low complexity
tenda CWE-352
6.5
2022-10-12 CVE-2022-42087 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
network
low complexity
tenda CWE-352
6.5
2022-10-10 CVE-2022-3154 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged-in Shop Managers and above perform unwanted actions, such as deactivating the plugin's license.
7.1
2022-10-07 CVE-2022-22493 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Automation for IBM Cloud PAK for Watson Aiops 1.4.2
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting.
network
low complexity
ibm CWE-352
8.8
2022-10-06 CVE-2022-2986 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
network
low complexity
moodle CWE-352
8.8
2022-10-06 CVE-2022-2783 Cross-Site Request Forgery (CSRF) vulnerability in Octopus Server
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token.
network
low complexity
octopus CWE-352
5.3
2022-09-29 CVE-2020-35675 Cross-Site Request Forgery (CSRF) vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups.
network
low complexity
bigprof CWE-352
8.8