Total
6078 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44585 | 1 Magneticlab | 1 Homepage Pop-up | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | |||||
| CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 6.5 MEDIUM |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | |||||
| CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | |||||
| CVE-2022-43719 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 8.8 HIGH |
| Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
| CVE-2022-43710 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | N/A | 8.8 HIGH |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | |||||
| CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 8.8 HIGH |
| Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | |||||
| CVE-2022-43491 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. | |||||
| CVE-2022-43490 | 1 Xwp | 1 Stream | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions. | |||||
| CVE-2022-43488 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. | |||||
| CVE-2022-43481 | 1 Rymera | 1 Advanced Coupons | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. | |||||
| CVE-2022-43470 | 1 Fsi | 8 Fs020w, Fs020w Firmware, Fs030w and 5 more | 2024-11-21 | N/A | 7.3 HIGH |
| Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. | |||||
| CVE-2022-43469 | 1 Orchestrated | 1 Corona Virus \(covid-19\) Banner \& Live Data | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. | |||||
| CVE-2022-43459 | 1 Captainform | 1 Captainform | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions. | |||||
| CVE-2022-43418 | 1 Jenkins | 1 Katalon | 2024-11-21 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-43408 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | N/A | 6.5 MEDIUM |
| Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
| CVE-2022-43407 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | N/A | 8.8 HIGH |
| Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. | |||||
| CVE-2022-43340 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | |||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | |||||
| CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 8.8 HIGH |
| DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | |||||
| CVE-2022-42880 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS). | |||||