Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2022-38660: Knowledge Article View HCL - Customer Support

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.

CVE
#csrf#vulnerability#auth
CVE-2022-20961: Cisco Security Advisory: Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.

Senayan Library Management System 9.5.0 SQL Injection

Senayan Library Management System version 9.5.0 suffers from a remote SQL injection vulnerability.

CVE-2022-36404: WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability - Patchstack

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

CVE-2022-25952: WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.

CVE-2022-40131: WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

CVE-2022-42751: CandidATS 3.0.0 - CSRF to Privilege Escalation | Advisories | Fluid Attacks

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.

CVE-2022-3845: Release 1.5.0 · phpipam/phpipam

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.

CVE-2022-40291: Cross-site request forgery (CSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

GHSA-vpwh-qmwc-2phg: ProcessWire vulnerable to Cross-Site Request Forgery

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).