Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36550

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Jun, 2024 | 14:48
Updated At-13 Feb, 2025 | 15:59
Rejected At-
Credits

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Jun, 2024 | 14:48
Updated At:13 Feb, 2025 | 15:59
Rejected At:
▼CVE Numbering Authority (CNA)

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/da271133/cms/blob/main/29/csrf.md
N/A
Hyperlink: https://github.com/da271133/cms/blob/main/29/csrf.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/da271133/cms/blob/main/29/csrf.md
x_transferred
Hyperlink: https://github.com/da271133/cms/blob/main/29/csrf.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
idccms_project
Product
idccms
CPEs
  • cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.35
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Jun, 2024 | 15:15
Updated At:21 Aug, 2024 | 16:35

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CPE Matches
idccms
idccms
>>idccms>>1.35
cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/da271133/cms/blob/main/29/csrf.mdcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/da271133/cms/blob/main/29/csrf.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2329Records found
CVE-2024-39156
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.06% / 19.57%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 00:00
Updated-15 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35554
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 13:38
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.

Action-Not Available
Vendor-n/aidccms_project
Product-n/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33829
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.01%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-15 Apr, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4172
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.59%
||
7 Day CHG-0.00%
Published-25 Apr, 2024 | 14:00
Updated-01 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
idcCMS cross-site request forgery

A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.

Action-Not Available
Vendor-n/aidccms_project
Product-idcCMSidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.98%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 15:03
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

Action-Not Available
Vendor-usersultran/a
Product-users_ultra_membershipn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9498
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2019 | 20:36
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.

Action-Not Available
Vendor-wpserveurn/a
Product-wps_hide_loginn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7005
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.80%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:55
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-win-pakHoneywell WIN-PAK 4.7.2, Web and prior versions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-22954
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.97%
||
7 Day CHG-0.04%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.

Action-Not Available
Vendor-concretecmsn/a
Product-concrete_cmshttps://github.com/concrete5/concrete5
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7029
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 23:05
Updated-16 Sep, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

Action-Not Available
Vendor-Avaya LLC
Product-aura_communication_manageraura_messagingAvaya Aura Communication ManagerAvaya Aura Messaging
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.70% / 81.55%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-26 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.

Action-Not Available
Vendor-flusityn/aflushcms
Product-flusityn/aflushcms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2376
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.44%
||
7 Day CHG~0.00%
Published-03 Jul, 2024 | 06:00
Updated-01 Aug, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Action-Not Available
Vendor-2codeUnknown2code
Product-wpqa_builderWPQA Builderwpqa_builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24702
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 14:32
Updated-01 Apr, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict.This issue affects Page Restrict: from n/a through 2.5.5.

Action-Not Available
Vendor-sivelMatt Martz & Andy Stratton
Product-pagerestrictPage Restrict
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.82%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 15:23
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.

Action-Not Available
Vendor-wepluginsn/a
Product-wp_mapsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.41% / 79.71%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 00:00
Updated-01 Aug, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.

Action-Not Available
Vendor-flusityn/aflusity
Product-flusityn/aflusity
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7332
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7||HIGH
EPSS-0.16% / 37.61%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 09:45
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS)

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

Action-Not Available
Vendor-McAfee, LLC
Product-endpoint_securityEndpoint Security for Windows
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9445
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.01%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 03:44
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.

Action-Not Available
Vendor-unitegalleryn/a
Product-unite_gallery_liten/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.82%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 15:22
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.

Action-Not Available
Vendor-wepluginsn/a
Product-wp_mapsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-13395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.16%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 17:24
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cg3700bcg3700b_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24162
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.12% / 32.13%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Responsive Menu < 4.0.4 - CSRF to Settings Update

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site.

Action-Not Available
Vendor-expresstechExpressTech
Product-responsive_menuResponsive Menu ProResponsive Menu – Create Mobile-Friendly Menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9233
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.48%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

Action-Not Available
Vendor-n/aCodePeople
Product-cp_contact_form_with_paypaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-13529
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.34%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 15:26
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.

Action-Not Available
Vendor-smaSMA Solar Technology AG
Product-sunny_webboxsunny_webbox_firmwareSunny WebBox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22591
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-13563
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.77%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 14:59
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-655_firmwaredir-655n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-05 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 00:00
Updated-22 Apr, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php

Action-Not Available
Vendor-flusityn/aflusity
Product-flusityn/acms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9497
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.56%
||
7 Day CHG~0.00%
Published-22 Oct, 2019 | 20:34
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.

Action-Not Available
Vendor-ad_inserter_projectn/a
Product-ad_insertern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.82%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-29 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.36% / 84.31%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 00:00
Updated-16 Jan, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.

Action-Not Available
Vendor-sunkaifein/aflycms_project
Product-flycmsn/aflycms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9284
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.72%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 14:03
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.

Action-Not Available
Vendor-omniauthn/a
Product-omniauthomniauth ruby gem
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.50%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 15:24
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.

Action-Not Available
Vendor-wepluginsn/a
Product-wp_mapsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22416
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-5.90% / 90.25%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 23:48
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation

pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.

Action-Not Available
Vendor-pyload-ng_projectpyload
Product-pyload-ngpyload
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.27%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22859
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.19% / 83.70%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 00:00
Updated-29 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.

Action-Not Available
Vendor-laraveln/a
Product-livewiren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1259
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.04% / 89.35%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationMicrosoft SharePoint Foundation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 39.12%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 19:25
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.

Action-Not Available
Vendor-verintn/a
Product-impact_360n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 12:45
Updated-23 May, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3.

Action-Not Available
Vendor-marcomilesiMarco Milesi
Product-browser_theme_colorBrowser Theme Color
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.88%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 00:00
Updated-23 Oct, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.

Action-Not Available
Vendor-gxsoftwaren/a
Product-xperiencentraln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22136
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.38%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 13:53
Updated-30 May, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5.

Action-Not Available
Vendor-droitthemesDroitThemes
Product-droit_elementor_addonsDroit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-09 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12636
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.50% / 64.92%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsf250-24psf250-08sg300-10p_firmwaresg300-52_firmwaresf250-08hp_firmwaresf250-10p_firmwaresg500-52mp_firmwaresf250-26sf250x-48p_firmwaresg300-52sf250-26_firmwaresg200-26sg500-28sg500x-48sg550x-48p_firmwaresx550x-24sg200-26_firmwaresg200-50p_firmwaresf200e48psg200-08psf250-24p_firmwaresf200-24_firmwaresg300-20sg500-28psx550x-12fsf200-48sf200e-24sf250x-48_firmwaresf350-48psf350-48sg550x-48mp_firmwaresg500x-24psf250-08_firmwaresf300-48psf300-24_firmwaresg500-52sf300-24mp_firmwaresf550x-24mp_firmwaresg500-28mpp_firmwaresg500-52psf200e-24psg350-28sf250-24sg500-52_firmwaresf250-26p_firmwaresf550x-48p_firmwaresg550x-48psg200-10fpsf300-24ppsf200e-48sf250-50hpsx550x-24ft_firmwaresg300-10mpp_firmwaresf250-50hp_firmwaresf550x-48_firmwaresf250-50psg200-50sg300-52mpsf250-18_firmwaresf250-26hp_firmwaresf250x-24psf250x-48psg350-10p_firmwaresg355-10psf200-48p_firmwaresg350-10psg200-26fp_firmwaresx550x-16ft_firmwaresg200-50psf302-08p_firmwaresg500-52mpsg300-52psf250-48sg300-20_firmwaresf250x-24sf500-24p_firmwaresf500-48sg300-10sfpsg550x-24_firmwaresg200-50fpsg300-28_firmwaresf302-08psg500-28mppsf500-24psf200-24p_firmwaresf302-08ppsf350-48p_firmwaresf300-48sg300-10sfp_firmwaresf550x-48mp_firmwaresf250-50sg350-28p_firmwaresf550x-24_firmwaresf250-48hp_firmwaresg300-28ppsf250-08hpsf250-26hpsg300-52mp_firmwaresg350-10mpsf500-48_firmwaresf550x-48psg500-28p_firmwaresg550x-24mppsf550x-24sf500-48psf200-24psg500-52p_firmwaresf500-48p_firmwaresf200e-24_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresf250-24_firmwaresg350-28mpsf302-08sg350-28mp_firmwaresg300-28pp_firmwaresf250-26psf200-24sx550x-24fsg500x-48psg350-10mp_firmwaresf302-08mpp_firmwaresf200e-48_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg500x-48p_firmwaresg200-18_firmwaresg300-10psg300-52p_firmwaresf300-48ppsg500x-24_firmwaresg550x-48_firmwaresf550x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg200-08p_firmwaresf200-24fp_firmwaresg550x-24sf250x-24_firmwaresg300-10mpsf250-18sf300-08sg300-10ppsf350-48_firmwaresx550x-24f_firmwaresg200-08sf250-50_firmwaresf250-10psf250x-24p_firmwaresg350-28psf200e48p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf200e-24p_firmwaresg300-28sx550x-52_firmwaresg200-10fp_firmwaresg350-28_firmwaresg300-10_firmwaresg350-10sf250x-48sg550x-24mpsx550x-16ftsf300-24p_firmwaresg500x-24sg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg200-50fp_firmwaresg500x-24p_firmwaresg300-10pp_firmwaresf550x-24psg300-10sf500-24sf300-48p_firmwaresf350-48mpsg550x-24p_firmwaresf200-24fpsg300-10mppsg500xg-8f8t_firmwaresg300-28psg550x-24psg200-26psf200-48psf300-24psf300-24sg200-08_firmwaresf302-08mppsg550x-48sf302-08mpsf250-48_firmwaresf300-48pp_firmwaresf300-24mpsg300-28mp_firmwaresf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg550x-24mpp_firmwaresf250-48hpsg200-18sx550x-24_firmwaresg200-50_firmwaresg500x-48_firmwaresf300-08_firmwaresf200-48_firmwaresg500xg-8f8tsf250-50p_firmwaresg500-28_firmwaresf500-24_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco Small Business 250 Series Smart Switches Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22143
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 12:56
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17.

Action-Not Available
Vendor-wpspellcheckWP Spell Check
Product-wpspellcheckWP Spell Check
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 11:56
Updated-17 Jun, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.

Action-Not Available
Vendor-custom_dashboard_widgets_projectAboZain,O7abeeb,UnitOne
Product-custom_dashboard_widgetsCustom Dashboard Widgets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.60%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 17:34
Updated-02 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.

Action-Not Available
Vendor-dineshkarkiDnesscarkey
Product-use_any_fontUse Any Font
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.27%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-30 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43323
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.87%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.

Action-Not Available
Vendor-eyoucmsn/a
Product-eyoucmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-21749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.90%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:31
Updated-08 Jan, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.This issue affects 1 click disable all: from n/a through 1.0.1.

Action-Not Available
Vendor-atakanauAtakan Au
Product-click_disable_all1 click disable all
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-29557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.82%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LexisNexis Firco Compliance Link 3.7 allows CSRF.

Action-Not Available
Vendor-relxn/a
Product-firco_compliance_linkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12769
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.31%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 17:38
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-serv-u_managed_file_transfern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19280
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.45%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 22:10
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.

Action-Not Available
Vendor-jeesnsn/a
Product-jeesnsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 46
  • 47
  • Next
Details not found