Total
8851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1845 | 1 E4jconnect | 1 Vikrentcar | 2024-11-21 | N/A | 8.8 HIGH |
| The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
| CVE-2024-0880 | 1 100296 | 1 Qdbcrm | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0555 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-11-21 | N/A | 4.6 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation. | |||||
| CVE-2024-0522 | 1 Allegrosoft | 1 Rompager | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure. | |||||
| CVE-2023-7092 | 1 Uniwayinfo | 2 Uw-302vp, Uw-302vp Firmware | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7052 | 1 Phpgurukul | 1 Online Notes Sharing System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. | |||||
| CVE-2023-7051 | 1 Phpgurukul | 1 Online Notes Sharing System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7038 | 1 Automad | 1 Automad | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6904 | 1 Nxfilter | 1 Nxfilter | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6766 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896. | |||||
| CVE-2023-6689 | 1 Efacec | 2 Bcu 500, Bcu 500 Firmware | 2024-11-21 | N/A | 8.2 HIGH |
| A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. | |||||
| CVE-2023-6676 | 1 Nationalkeep | 1 Cybermath | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery.This issue affects CyberMath: from v1.4 before v1.5. | |||||
| CVE-2023-6671 | 1 Openjournalsystems | 1 Open Journal Systems | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | |||||
| CVE-2023-6653 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6633 | 1 Sidenotesproject | 1 Side Notes | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks | |||||
| CVE-2023-6503 | 1 Paulgriffinpetty | 1 Wp Plugin Lister | 2024-11-21 | N/A | 5.4 MEDIUM |
| The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2023-6501 | 1 Cochinoman | 1 Splashscreen | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2023-6474 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640. | |||||
| CVE-2023-6251 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 3.5 LOW |
| Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | |||||
| CVE-2023-6137 | 1 Wpfrontier | 1 Frontier Post | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1. | |||||