Lucene search
K

774 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:4 a.m.7 views

CVE-2024-50857

The ipdojob request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting XSS. It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully...

4.8CVSS6.3AI score0.01172EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:4 a.m.8 views

CVE-2024-50861

The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...

6.1CVSS6AI score0.00782EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.11 views

CVE-2024-51488

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any...

5.4CVSS5.4AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:13 a.m.8 views

CVE-2023-4013

The GDPR Cookie Compliance CCPA, DSGVO, Cookie Consent WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks...

6.5CVSS6.7AI score0.00269EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 3:58 a.m.25 views

CVE-2023-3547

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks...

8.8CVSS6.7AI score0.00321EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.10 views

CVE-2023-2628

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...

8.8CVSS6.9AI score0.00389EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.8 views

CVE-2022-2839

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them t...

5.4CVSS6.2AI score0.00381EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 p.m.7 views

CVE-2022-24947

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later...

8.8CVSS6.8AI score0.01142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.6 views

CVE-2022-2276

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog...

4.3CVSS7.1AI score0.00336EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.9 views

CVE-2021-29624

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...

6.5CVSS6.8AI score0.00829EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.8 views

CVE-2020-35626

An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php...

8.8CVSS6.9AI score0.00509EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 p.m.8 views

CVE-2020-23426

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...

9.8CVSS7.2AI score0.03712EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 12:57 p.m.11 views

CVE-2018-19911

FreeSWITCH through 1.8.2, when modxmlrpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system or api/bgsystem or txtapi/bgsystem query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF...

7.6CVSS8.2AI score0.02696EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 a.m.18 views

CVE-2019-0235

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks...

8.8CVSS6.8AI score0.32747EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:42 a.m.8 views

CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...

8.8CVSS7AI score0.00695EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.10 views

CVE-2024-8286 GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks...

7.1AI score0.00182EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.14 views

CVE-2024-6712 MapFig Studio <= 0.2.1 - Stored XSS via CSRF

The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00152EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.11 views

CVE-2024-12301 JSP Store Locator <= 1.0 - Deletion via Missing CSRF

The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

0.00192EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.31 views

CVE-2024-11719

The CVE-2024-11719 entry concerns the tarteaucitron-wp WordPress plugin prior to version 0.3.0, which lacks CSRF checks in certain areas and omits sanitisation and escaping. This could allow a logged-in attacker to trigger a Stored XSS payload via a CSRF attack. The issue is documented across mul...

6.1CVSS5.9AI score0.00149EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.8 views

PT-2025-21518 · Unknown · Webtoffee-Gdpr-Cookie-Consent

Name of the Vulnerable Software and Affected Versions: webtoffee-gdpr-cookie-consent versions prior to 2.6.1 Description: The issue concerns the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting visit logs via...

6.5CVSS6.4AI score0.00182EPSS
Exploits1References4
Rows per page
Query Builder