Total
7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45850 | | | 2024-11-21 | 6.1 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before 5.6.9. | ||||
CVE-2022-45847 | | | 2024-11-21 | 6.1 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS). This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. | ||||
CVE-2022-45828 | 1 Nootheme | 1 Noo Timetable | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | ||||
CVE-2022-45823 | 1 Video Contest Wordpress Project | 1 Video Contest Wordpress | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions. | ||||
CVE-2022-45674 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2024-11-21 | 6.5 Medium |
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | ||||
CVE-2022-45673 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2024-11-21 | 6.5 Medium |
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | ||||
CVE-2022-45668 | 1 Tenda | 2 I22, I22 Firmware | 2024-11-21 | 6.5 Medium |
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | ||||
CVE-2022-45667 | 1 Tenda | 2 I22, I22 Firmware | 2024-11-21 | 6.5 Medium |
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | ||||
CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2024-11-21 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | ||||
CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2024-11-21 | 3.5 Low |
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | ||||
CVE-2022-45372 | 1 Codeixer | 1 Product Gallery Slider For Woocommerce | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions. | ||||
CVE-2022-45228 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2024-11-21 | 3.5 Low |
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page. | ||||
CVE-2022-45149 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.4 Medium |
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | ||||
CVE-2022-45130 | 1 Plesk | 1 Obsidian | 2024-11-21 | 6.5 Medium |
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers. | ||||
CVE-2022-44937 | 1 Bosscms | 1 Bosscms | 2024-11-21 | 6.5 Medium |
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | ||||
CVE-2022-44849 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 8.8 High |
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. | ||||
CVE-2022-44741 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 6.1 Medium |
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | ||||
CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.5 Medium |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | ||||
CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | ||||
CVE-2022-43980 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.2 Medium |
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie. | ||||