Total
6076 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22693 | 1 Conlabz | 1 Wp Google Tag Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions. | |||||
| CVE-2023-22692 | 1 Name Directory Project | 1 Name Directory | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. | |||||
| CVE-2023-22691 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | |||||
| CVE-2023-22689 | 1 Autoaffiliatelinks | 1 Auto Affiliate Links | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | |||||
| CVE-2023-22688 | 1 Wp Tabs Slides Project | 1 Wp Tabs Slides | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. | |||||
| CVE-2023-22686 | 1 Trinitronic | 1 Nice Paypal Button Lite | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions. | |||||
| CVE-2023-22681 | 1 Online Exam Software \ | 1 Eexamhall Project | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions. | |||||
| CVE-2023-22678 | 1 Superior Faq Project | 1 Superior Faq | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. | |||||
| CVE-2023-22674 | 1 Halgatewood | 1 Dashicons \+ Custom Post Types | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2. | |||||
| CVE-2023-22673 | 1 Magenet | 1 Website Monetization | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions. | |||||
| CVE-2023-22672 | 1 Vibethemes | 1 Vslider | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. | |||||
| CVE-2023-22472 | 1 Nextcloud | 1 Desktop | 2024-11-21 | N/A | 5.3 MEDIUM |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2. | |||||
| CVE-2023-22457 | 1 Xwiki | 1 Ckeditor Integration | 2024-11-21 | N/A | 9.0 CRITICAL |
| CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki. The issue has been patched in the CKEditor Integration version 1.64.3. This has also been patched in the version of the CKEditor integration that is bundled starting with XWiki 14.6 RC1. There are no known workarounds for this other than upgrading the CKEditor integration to a fixed version. | |||||
| CVE-2023-22375 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||
| CVE-2023-22286 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2024-11-21 | N/A | 8.1 HIGH |
| Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | |||||
| CVE-2023-20856 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | N/A | 8.8 HIGH |
| VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | |||||
| CVE-2023-20221 | 1 Cisco | 46 Ip Conference Phone 7832, Ip Conference Phone 7832 With Multiplatform Firmware, Ip Conference Phone 8831 and 43 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition. | |||||
| CVE-2023-20180 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions. | |||||
| CVE-2023-20130 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-11-21 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20113 | 1 Cisco | 1 Sd-wan | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. | |||||