1834 matches found
BIT-PHPBB-2020-5501
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...
BIT-PHPBB-2020-5502
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships...
Cross-site request forgery (CSRF)
Transient DoS while processing multiple IKEv2 Informational Requests sent to the device from an IPsec server with different identifiers...
CM Download Manager < 2.9.0 - Download Deletion via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in admins delete downloads via a CSRF attack.
PoC: Make an admin open the URL below: https://example.com/cmdownload/del/id/...
PT-2024-14625 · Unknown · Mongo-Express
Name of the Vulnerable Software and Affected Versions: mongo-express version 1.0.2
Description: The issue allows for Cross-Site Request Forgery (CSRF) attacks, as demonstrated by the deletion of a Collection through the /admin endpoint.
Recommendations: For mongo-express version 1.0.2, consider...
Possible CSRF attack at questionnaire templates preview
Impact: The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11 This was...
GHSA-F3QM-VFC3-JG6V Possible CSRF attack at questionnaire templates preview
Impact: The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11 This was...
Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as adding them as employees.
PoC...
CVE-2023-6501
The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2023-6499 lasTunes <= 3.6.1 - Settings Update via CSRF
The lasTunes WordPress plugin through 3.6.1 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add stored XSS payloads via a CSRF attack...
Cross-site request forgery (CSRF)
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer...
CVE-2024-20252
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers...
CVE-2024-20255
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.10.2 security update
An update is now available for Red Hat OpenShift GitOps v1.10.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2024-23831 Privilege escalation through CSRF attack on 'setup.pl'
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used...
CVE-2023-6503
The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add stored XSS payloads via a CSRF attack...
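The weakness shared by most entries in this listing, the WordPress plugins that "do not have CSRF checks in some places" and the decidim preview action whose authenticity token check is disabled, is a state-changing endpoint that trusts nothing but the session cookie the browser attaches automatically. The Ruby below is an added example written for this page; it is not code from decidim, Rails, or any project listed above, and the controller, route, origins and session ids are hypothetical. It models a session-bound synchronizer token with an Origin check as defense in depth, then runs the advisory scenario (an admin with a live session is made to submit a cross-site form) against the action with the check enforced and with it skipped.

```ruby
require "securerandom"

# Added example for this page (not decidim's, Rails' or any listed project's
# code). Models the server side of a CSRF check so the effect of disabling it
# can be seen. All names, origins and session ids are hypothetical.

# Constant-time comparison: a short-circuiting == would let an attacker who can
# time responses learn the token byte by byte. Token length is public, so the
# up-front length check leaks nothing useful.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Synchronizer token: one unguessable value per session, embedded in the
# site's own forms and required on every state-changing request.
class CsrfGuard
  def initialize
    @tokens = {} # session_id => token
  end

  def token_for(session_id)
    @tokens[session_id] ||= SecureRandom.hex(32)
  end

  def valid?(session_id, submitted)
    expected = @tokens[session_id]
    return false if expected.nil? || !submitted.is_a?(String)
    secure_equal?(expected, submitted)
  end
end

# What the server sees: the session cookie (attached by the browser to any
# request for the site, which is exactly what CSRF abuses), the Origin header
# if the browser sent one, and the form fields.
Request = Struct.new(:session_id, :origin, :params, keyword_init: true)

# Stand-in for a "preview" action. protect: false models an action whose CSRF
# check has been skipped, as the decidim entry describes.
class TemplatePreviewController
  SITE_ORIGIN = "https://decidim.example" # hypothetical deployment origin
  attr_reader :previews

  def initialize(guard, protect: true)
    @guard = guard
    @protect = protect
    @previews = []
  end

  def preview(req)
    if @protect
      # Defense in depth: a mismatched Origin is always forged. An absent
      # Origin is not proof of same-site, so the token is still required.
      return [403, "forbidden: cross-site origin"] if req.origin && req.origin != SITE_ORIGIN
      unless @guard.valid?(req.session_id, req.params["authenticity_token"])
        return [422, "invalid authenticity token"]
      end
    end
    @previews << req.params["template_id"]
    [200, "preview rendered for template #{req.params['template_id']}"]
  end
end

# The attacker's page auto-submits a form; the browser adds the admin's cookie,
# but the page cannot read the admin's token, so the field is simply missing.
def forged_request(session_id, origin: "https://attacker.example")
  Request.new(session_id: session_id, origin: origin, params: { "template_id" => "42" })
end

def legitimate_request(session_id, guard)
  Request.new(session_id: session_id, origin: TemplatePreviewController::SITE_ORIGIN,
              params: { "template_id" => "42", "authenticity_token" => guard.token_for(session_id) })
end

# Runs the advisory scenario against a protected or unprotected action and
# returns the status of each request plus how many previews actually ran.
def run_scenario(protect:)
  guard = CsrfGuard.new
  ctl = TemplatePreviewController.new(guard, protect: protect)
  admin = "sess-admin-1" # constructed session id for the logged-in admin
  guard.token_for(admin) # the admin's own pages were rendered with a token
  {
    legitimate: ctl.preview(legitimate_request(admin, guard)).first,
    forged: ctl.preview(forged_request(admin)).first,
    forged_no_origin: ctl.preview(forged_request(admin, origin: nil)).first,
    previews_rendered: ctl.previews.size,
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "check skipped:  #{run_scenario(protect: false)}"
  puts "check enforced: #{run_scenario(protect: true)}"
end
```

With the check skipped all three requests return 200 and three previews run; with it enforced only the legitimate request succeeds, the cross-origin one is refused on the Origin header and the one with no Origin is refused on the missing token. In a Rails application the equivalent check is `protect_from_forgery`, and disabling it for one action (`skip_before_action :verify_authenticity_token`) is the kind of gap the decidim entry describes; in WordPress the equivalent is a nonce verified with `wp_verify_nonce` or `check_admin_referer` on every handler that changes state, which is what the plugin entries above are missing.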