Cross-Site Request Forgery (CSRF)
CWE-352

| CVE ID | Description | CVSS | Vendor | Exploit | Patch |
|---|---|---|---|---|---|
| CVE-2024-42618 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma | 8.8 | Pligg | Exploit | - |
| CVE-2024-42617 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32 | 8.8 | Pligg | Exploit | - |
| CVE-2024-42616 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics | 8.8 | Pligg | Exploit | - |
| CVE-2024-42613 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet | 8.8 | Pligg | Exploit | - |
| CVE-2024-42612 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add | 8.8 | Pligg | - | - |
| CVE-2024-42611 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/admin_page.php?link_id=1&mode=delete | 8.8 | Pligg | Exploit | - |
| CVE-2024-42610 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files | 8.8 | Pligg | Exploit | - |
| CVE-2024-42609 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars | 8.8 | Pligg | Exploit | - |
| CVE-2024-42608 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. | 8.8 | Pligg | Exploit | - |
| CVE-2024-42607 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database | 8.8 | Pligg | Exploit | - |
| CVE-2024-42606 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1 | 8.8 | Pligg | Exploit | - |
| CVE-2024-42605 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1 | 8.8 | Pligg | Exploit | - |
| CVE-2024-42604 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3 | 8.8 | Pligg | Exploit | - |
| CVE-2024-42603 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall | 8.8 | Pligg | Exploit | - |
| CVE-2024-42586 | A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |  | - | - |
| CVE-2024-42585 | A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |  | - | - |
| CVE-2024-42584 | A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | Siamonhasan | Exploit | - |
| CVE-2024-42583 | A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | Siamonhasan | Exploit | - |
| CVE-2024-42582 | A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | Siamonhasan | Exploit | - |
| CVE-2024-42581 | A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | Siamonhasan | Exploit | - |
| CVE-2024-42580 | A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | Siamonhasan | Exploit | - |
| CVE-2024-42579 | A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | Siamonhasan | Exploit | - |
| CVE-2024-42578 | A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8 |  | - | - |
| CVE-2024-42577 | A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | Siamonhasan | Exploit | - |
| CVE-2024-42576 | A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 |  | - | - |
| CVE-2024-42557 | A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | 8.8 |  | - | - |
| CVE-2024-42555 | A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | 8.8 |  | - | - |
| CVE-2024-42553 | A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | 8.8 |  | - | - |
| CVE-2024-42504 | A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow. | 4.3 |  | - | - |
| CVE-2024-42476 | In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. When this project is compiled with certain compiler flags set, it is possible that the `state` parameter will not be checked at all, creating a CSRF vulnerability. Version 0.11 checks the `state` parameter using a regular `if` statement or `doAssert` instead of relying on a plain `assert`. `doAssert` will achieve the desired behavior even if `-d:danger` or `--assertions:off` is set. | 6.5 | Atlassian | - | - |
| CVE-2024-42475 | In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker, allowing them to perform a CSRF attack against a user, associating the user's session with the attacker's protected resources. While `state` isn't exactly a cryptographic value, it should be generated in a cryptographically secure way. `generateState` should be using a CSPRNG. Version 0.11 modifies the `generateState` function to generate `state` values of at least 128 bits of entropy while using a CSPRNG. | 6.5 | Atlassian | - | - |
| CVE-2024-41987 | The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | Low |  | - | - |
| CVE-2024-41811 | Some of the recent development by Icinga is, under certain circumstances, susceptible to cross-site request forgery (CSRF). Affected products: Icinga Web (>=2.12.0), Icinga DB Web (>=1.0.0), Icinga Notifications Web (>=0.1.0), Icinga Web JIRA Integration (>=1.3.0). All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded. | 3.9 | Icinga | - | Patched |
| CVE-2024-41744 | IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 | Ibm | - | - |
| CVE-2024-4172 | A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991. | 4.3 | Idccms | - | - |
| CVE-2024-41603 | Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. | 9.6 | Denkgroot | - | - |
| CVE-2024-41602 | Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL. | 8.8 | Denkgroot | - | - |
| CVE-2024-41597 | Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. | 4.2 | Processwire | - | Patched |
| CVE-2024-41344 | A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. | 7.5 | Codeigniter | - | - |
| CVE-2024-41305 | A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | 4.7 | Wondercms | Exploit | - |
| CVE-2024-4128 | This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (i.e. Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0 | 2.6 |  | - | Patched |
| CVE-2024-40886 | Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection, which allows for a one-click client-side path traversal that leads to CSRF in the User Management page of the system console. | 8.8 | Mattermost | - | Patched |
| CVE-2024-40883 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. If a user views a malicious page while logged in to the affected product with administrative privileges, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. | 8.8 | Elecom | - | Patched |
| CVE-2024-40603 | An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request. | 4.3 | Mediawiki | - | - |
| CVE-2024-40601 | An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. | 6.5 | Mediawiki | - | - |
| CVE-2024-40488 | A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at /delete_members.php. | 8.8 | Kashipara | - | - |
| CVE-2024-40476 | A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at /rental/ajax.php?action=delete_tenant. | 8 | Sourcecodester, et al | - | - |
| CVE-2024-40334 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 | 8.8 | Idccms project, et al | Exploit | - |
| CVE-2024-40332 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | 8.8 | Idccms project, et al | - | - |
| CVE-2024-40331 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup | 8.8 | Idccms | - | - |
| CVE-2024-40329 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup | 8.8 | Idccms | - | - |
| CVE-2024-40328 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 | 6.3 | Idccms | - | - |
| CVE-2024-40119 | Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover. | 8.8 |  | Exploit | - |
| CVE-2024-40039 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del | 8.8 | Idccms project | Exploit | - |
| CVE-2024-40038 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev | 5.3 | Idccms | - | - |
| CVE-2024-40037 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del | 8.8 | Idccms project | Exploit | - |
| CVE-2024-40035 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. | 5.9 | Idccms | - | - |
| CVE-2024-40034 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del | 8.8 | Idccms project | Exploit | - |
| CVE-2024-39744 | IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 | Ibm | - | Patched |
| CVE-2024-3972 | The Similarity WordPress plugin through 3.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | 4.3 | Davidjmiller, et al | Exploit | - |
| CVE-2024-3971 | The Similarity WordPress plugin through 3.0 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. | 4.3 | Davidjmiller, et al | Exploit | - |
| CVE-2024-39681 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | Wordpress | - | - |
| CVE-2024-39680 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | Wordpress | - | - |
| CVE-2024-39679 | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 4.3 | Wordpress | - | - |
| CVE-2024-39678 | Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 4.3 | Wordpress | - | - |
| CVE-2024-39657 | Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce. This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18. | 8.8 | Wordpress | - | - |
| CVE-2024-39645 | Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2. | 8.8 | Themeum | - | - |
| CVE-2024-39641 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.6.8.2. | 8.8 | Thimpress | - | - |
| CVE-2024-39628 | Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.8.6. | 8.8 | Ninjaforms | - | - |
| CVE-2024-39410 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | 4.3 | Adobe | - | Patched |
| CVE-2024-39409 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | 4.3 | Adobe | - | Patched |
| CVE-2024-39408 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | 4.3 | Adobe | - | Patched |
| CVE-2024-39326 | SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site request forgery (CSRF) vulnerability. The endpoint is CSRFable: it accepts a POST request, supports a content type that can be exploited (multipart file upload), makes a state change, and has no CSRF mitigations in place (SameSite flag, CSRF token). It is possible to perform a CSRF attack against a logged-in admin account, allowing an attacker that can target a logged-in admin of Skills Service to modify the videos, captions, and text of the skill. Version 2.12.6 contains a patch for this issue. | 4.4 | Contrastsecurity | - | - |
| CVE-2024-3932 | A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.3 |  | - | - |
| CVE-2024-39158 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet. | 8.8 | Idccms | - | - |
| CVE-2024-39157 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. | 3.8 | Idccms | - | - |
| CVE-2024-39156 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. | 3.8 | Idccms | - | - |
| CVE-2024-39155 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add. | 6.8 | Idccms | - | - |
| CVE-2024-39154 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN. | 8.8 | Idccms | - | - |
| CVE-2024-39153 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. | 4.7 | Idccms | - | - |
| CVE-2024-39119 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close. | 5.4 | Idccms | - | - |
| CVE-2024-39090 | The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. | 6.1 | Phpgurukul | - | - |
| CVE-2024-39063 | Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests. | 8.8 | Limesurvey | - | - |
| CVE-2024-39023 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close | 8.8 | Idccms | - | - |
| CVE-2024-39022 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal | 8.8 | Idccms | - | - |
| CVE-2024-39021 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://127.0.0.1:80/admin/vpsApiData_deal.php?mudi=del | 5.4 | Idccms | - | - |
| CVE-2024-39020 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close | 6.3 | Idccms | - | - |
| CVE-2024-39019 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del | 5.4 | Idccms | - | - |
| CVE-2024-38776 | Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS). This issue affects WP GoToWebinar: from n/a through 15.7. | 7.1 | Wordpress | - | - |
| CVE-2024-3873 | A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260907. | 4.3 |  | - | - |
| CVE-2024-38724 | Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS. This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5. | 7.1 | Rocklobster | - | - |
| CVE-2024-38457 | Xenforo before 2.2.16 allows CSRF. | 8.8 | Xenforo | Exploit | Patched |
| CVE-2024-38293 | ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. | 9.6 | Alcasar | - | - |
| CVE-2024-38276 | Incorrect CSRF token checks resulted in multiple CSRF risks. | 8.8 | Moodle, et al | - | Patched |
| CVE-2024-3825 | Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration. | 4.3 |  | - | Patched |
| CVE-2024-3798 | Insecure handling of the GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website which, when visited by a user, will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer releases were not tested, but they might also be vulnerable. | Low | Sourcefabric | - | - |
| CVE-2024-37941 | Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress. This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3. | 4.3 | Wordpress, et al | - | - |
| CVE-2024-37940 | Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium). This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13. | 7.4 | Seraphinitesolutions | - | - |
| CVE-2024-37939 | Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite. This issue affects Patricia Lite: from n/a through 1.2.3. | 4.3 | Wordpress | - | - |
| CVE-2024-37938 | Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral. This issue affects SociallyViral: from n/a through 1.0.10. | 4.3 | Mythemeshop | - | - |