Total
8114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34200 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2022-34161 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 8.8 High |
| IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. | ||||
| CVE-2022-34158 | 1 Apache | 1 Jspwiki | 2024-11-21 | 8.8 High |
| A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page. | ||||
| CVE-2022-34134 | 1 Jorani | 1 Jorani | 2024-11-21 | 8.8 High |
| Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | ||||
| CVE-2022-33974 | 1 Smashballoon | 1 Custom Twitter Feeds | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions. | ||||
| CVE-2022-33121 | 1 1234n | 1 Minicms | 2024-11-21 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. | ||||
| CVE-2022-32320 | 2 Ferdium, Getferdi | 2 Ferdium, Ferdi | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file. | ||||
| CVE-2022-31886 | 1 Marvalglobal | 1 Marval Msm | 2024-11-21 | 6.5 Medium |
| Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. | ||||
| CVE-2022-31773 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 8.8 High |
| IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. | ||||
| CVE-2022-30972 | 1 Jenkins | 1 Storage Configs | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | ||||
| CVE-2022-30969 | 1 Jenkins | 1 Autocomplete Parameter | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. | ||||
| CVE-2022-30958 | 1 Jenkins | 1 Ssh | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-30953 | 2 Jenkins, Redhat | 3 Blue Ocean, Ocp Tools, Openshift | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | ||||
| CVE-2022-30946 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. | ||||
| CVE-2022-30931 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2024-11-21 | 6.5 Medium |
| Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | ||||
| CVE-2022-30930 | 1 Phpgurukul | 1 Tourism Management System | 2024-11-21 | 4.3 Medium |
| Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). | ||||
| CVE-2022-30898 | 1 Chshcms | 1 Cscms | 2024-11-21 | 6.5 Medium |
| A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. | ||||
| CVE-2022-30328 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-11-21 | 6.5 Medium |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | ||||
| CVE-2022-30327 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-11-21 | 6.5 Medium |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | ||||
| CVE-2022-30280 | 1 Nokia | 1 Netact | 2024-11-21 | 8.8 High |
| /SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. | ||||