Total
7786 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39446 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-11-21 | N/A | 8.9 HIGH |
| Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application. | |||||
| CVE-2023-39412 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-39372 | 1 Startrinity | 1 Softswitch | 2024-11-21 | N/A | 8.1 HIGH |
| StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352) | |||||
| CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | |||||
| CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | |||||
| CVE-2023-39166 | 1 Tagdiv | 1 Tagdiv Composer | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4. | |||||
| CVE-2023-39165 | 1 Fetchdesigns | 1 Sign-up Sheets | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. | |||||
| CVE-2023-39159 | 1 Multidots | 1 Fraud Prevention For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. | |||||
| CVE-2023-39158 | 1 Multidots | 1 Banner Management For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. | |||||
| CVE-2023-39156 | 1 Jenkins | 1 Bazaar | 2024-11-21 | N/A | 5.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. | |||||
| CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | N/A | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
| CVE-2023-39061 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 3.5 LOW |
| Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. | |||||
| CVE-2023-38999 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-38885 | 1 Os4ed | 1 Opensis | 2024-11-21 | N/A | 8.8 HIGH |
| OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request. | |||||
| CVE-2023-38759 | 1 Wger | 1 Workout Manager | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | |||||
| CVE-2023-38579 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-11-21 | N/A | 8.0 HIGH |
| The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. | |||||
| CVE-2023-38512 | 1 Wpstream | 1 Wpstream | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions. | |||||
| CVE-2023-38398 | 1 Tablooa | 1 Tablooa | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions. | |||||
| CVE-2023-38396 | 1 Web-argument | 1 Google-map-shortcode | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions. | |||||
| CVE-2023-38390 | 1 Anshullabs | 1 Mobile Address Bar Changer | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions. | |||||