Total: 7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-43719 | 1 Apache | 1 Superset | 2024-11-21 | 8.8 High |
Two legacy REST API endpoints for approval and request access are vulnerable to cross-site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
CVE-2022-43710 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 8.8 High |
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | ||||
CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 8.8 High |
Concrete CMS is vulnerable to CSRF because the external Concrete authentication service omits the OAuth "state" parameter. This affects users of Concrete who use the "out of the box" core OAuth. | ||||
CVE-2022-43470 | 1 Fsi | 8 Fs020w, Fs020w Firmware, Fs030w and 5 more | 2024-11-21 | 7.3 High |
Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and perform operations the user did not intend, such as rebooting the product and/or resetting the configuration to the initial set-up. | ||||
CVE-2022-43418 | 1 Jenkins | 1 Katalon | 2024-11-21 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2022-43408 | 2 Jenkins, Redhat | 3 Pipeline, Ocp Tools, Openshift | 2024-11-21 | 6.5 Medium |
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||||
CVE-2022-43407 | 2 Jenkins, Redhat | 3 Pipeline, Ocp Tools, Openshift | 2024-11-21 | 8.8 High |
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. | ||||
CVE-2022-43340 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 8.8 High |
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | ||||
CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | ||||
CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | ||||
CVE-2022-42880 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2024-11-21 | 6.1 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin versions <= 3.3 allows Stored Cross-Site Scripting (XSS). | ||||
CVE-2022-42751 | 1 Auieo | 1 Candidats | 2024-11-21 | 8.8 High |
CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF, which lets the attacker persuade an administrator to create a new account with administrative permissions. | ||||
CVE-2022-42435 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 4.3 Medium |
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054. | ||||
CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2024-11-21 | 8.8 High |
Doufox 0.0.4 contains a CSRF vulnerability that allows an attacker to add a system administrator account. | ||||
CVE-2022-42199 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2024-11-21 | 8.8 High |
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. | ||||
CVE-2022-42087 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 6.5 Medium |
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | ||||
CVE-2022-42086 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 6.5 Medium |
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | ||||
CVE-2022-42078 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2024-11-21 | 6.5 Medium |
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | ||||
CVE-2022-42077 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2024-11-21 | 6.5 Medium |
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | ||||
CVE-2022-41990 | 1 Cardozatechnologies | 1 Cardoza-3d-tag-cloud | 2024-11-21 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS. This issue affects 3D Tag Cloud: from n/a through 3.8. | ||||
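The entries above share a handful of root causes: a CSRF token the attacker can recompute from public information (CVE-2022-43710), an OAuth login callback that accepts any response because no `state` value is bound to the session (CVE-2022-43693), and state-changing endpoints with no per-session token at all (most of the remaining entries). The following is an added example, not code from any of the listed projects, showing the checks that close each of these. The `Session` class, the form field names, the client ID and the URLs are constructed for illustration.

```python
"""Synchronizer-token and OAuth ``state`` checks for the CSRF patterns listed above.
Added example; the session object, form field names and URLs are constructed."""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed sample form: the names an attacker can read from the page's HTML.
FIELD_NAMES = ["username", "email", "message"]


def deducible_token(field_names):
    """Weak pattern (cf. CVE-2022-43710): the token is a pure function of
    public input, so anyone who can see the form can recompute it."""
    return hashlib.sha256("|".join(field_names).encode()).hexdigest()


def fresh_token():
    """Strong pattern: 256 bits from the OS CSPRNG, one per session or form."""
    return secrets.token_urlsafe(32)


class Session:
    """Hypothetical server-side session; a real app would persist this."""

    def __init__(self):
        self.csrf_token = fresh_token()   # issued once, embedded in every form
        self.oauth_state = None           # set when an OAuth login starts


def verify_csrf(session, submitted_token):
    """Synchronizer-token check for a state-changing request (reboot, add
    admin, top up balance, ...). A missing or wrong token rejects the request;
    the comparison is constant-time so the token cannot be guessed byte-wise."""
    if not submitted_token:
        return False
    return hmac.compare_digest(session.csrf_token.encode(), submitted_token.encode())


def build_authorize_url(session, base="https://idp.example/authorize", client_id="demo"):
    """Start an OAuth login: bind a fresh, unguessable ``state`` to the session
    and send it to the identity provider (cf. the missing parameter in CVE-2022-43693)."""
    session.oauth_state = fresh_token()
    return f"{base}?response_type=code&client_id={client_id}&state={session.oauth_state}"


def verify_callback(session, callback_url):
    """Handle the provider's redirect. Return the authorization code only if the
    ``state`` in the URL matches the one stored for this session; consume the
    stored value so a callback cannot be replayed. Without this check an
    attacker can feed a victim's browser a callback carrying the attacker's own
    code and log the victim into the attacker's account."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [None])[0]
    code = params.get("code", [None])[0]
    expected = session.oauth_state
    session.oauth_state = None  # single use
    if not (expected and state and hmac.compare_digest(expected.encode(), state.encode())):
        return None
    return code


if __name__ == "__main__":
    s = Session()
    print("deducible token:", deducible_token(FIELD_NAMES))
    print("valid token accepted:", verify_csrf(s, s.csrf_token))
    print("guessed token accepted:", verify_csrf(s, fresh_token()))
    url = build_authorize_url(s)
    print("authorize URL:", url)
    good_cb = f"https://app.example/cb?code=abc&state={s.oauth_state}"
    print("callback with bound state:", verify_callback(s, good_cb))
    print("replayed callback:", verify_callback(s, good_cb))
```

The token must be compared with `hmac.compare_digest` rather than `==`, and the `state` value must be consumed on first use; both details are what separate a check that actually prevents forgery from one that merely looks like it does.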