| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. |
| VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF. |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. |
| IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898. |
| In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add |
| Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information allows Stored XSS. This issue affects Easy Amazon Product Information: from n/a through 4.0.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0. |
