201 matches found
CVE-2021-22701
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
CVE-2024-47914
VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)...
CVE-2024-47914
CVE-2024-47914 is tied to a CSRF vulnerability affecting VaeMendis Ubooquity (reported by CNNVD as version 2.1.2). The available connected sources identify Cross-Site Request Forgery as the issue and attribute affected software to VaeMendis/Ubooquity, but do not provide a precise vulnerable compo...
CVE-2024-47914 VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)
VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)...
Security Bulletin: IBM CICS TX Advanced web pages are vulnerable to cross-site scripting and cross-site request forgery attacks.
Summary: Webpages that are shipped as part of IBM CICS TX Advanced are vulnerable to cross-site scripting and cross-site request forgery attacks. Updates to IBM CICS TX Advanced have been released to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2024-41745 DESCRIPTION: IBM CICS TX...
Security Bulletin: IBM CICS TX Standard is vulnerable to Cross-site Scripting (Reflected) and Cross-Site Request Forgery (CSRF).
Summary: Webpages that are shipped as part of IBM CICS TX Standard are vulnerable to Cross-site Scripting (Reflected) and Cross-Site Request Forgery (CSRF). Updates to IBM CICS TX Standard have been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2024-41745 DESCRIPTION: IBM CIC...
Security Bulletin: IBM Storage Protect Server is susceptible to multiple vulnerabilities due to key-value store "etcd". (CVE-2018-1098, CVE-2018-1099, CVE-2022-34038, CVE-2021-2823).
Summary: The distributed key-value store, etcd, used by IBM Storage Protect Server is vulnerable to cross-site scripting, denial of service, or unauthorized access to the host system. This bulletin outlines the steps to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2018-1098...
CVE-2024-3083
CVE-2024-3083 corresponds to a CSRF vulnerability in Plug&Track Sensor Net Connect (V2). Affected component: Plug&Track Sensor Net Connect V2, version 2.24. Root cause: cross-site request forgery that can enable remote attackers to perform state-changing operations with administrative privileges ...
CVE-2024-27783
Fortinet FortiAIOps 2.0.0 is affected by a CSRF vulnerability in its web UI, allowing an unauthenticated attacker to trick a victim into making HTTP GET requests that perform arbitrary actions on behalf of a logged-in user. Root cause: insufficient validation of requests from trusted users in the...
JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery
WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability (CWE-352). Impact: While a user is logged in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform unintended...
CVE-2024-35558
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/cadeal.php?mudi=rev&nohrefStr=close...
JVN#34328023: FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, the user information may be altered. In the case the user is an administrator, the settings such as the...
JVN#18715935: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature (CWE-79) - CVE-2023-42436

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4
CVSS v2 |...

Siemens SCALANCE and RUGGEDCOM M-800/S615 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); PSID: 59fff4ce994d; Credits: István Márton...
Cross site request forgery (csrf)
StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352)...
CVE-2023-39372
CVE-2023-39372 affects StarTrinity Softswitch (version 2023-02-16) and is described as multiple CSRF (CWE-352). Public documents identify CSRF as the underlying issue but do not provide a concrete fix in a newer release. CVSS metrics indicate high impact (confidentiality, integrity, availability)...