Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-24666

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-03 Feb, 2026 | 16:58
Updated At-04 Feb, 2026 | 16:51
Rejected At-
Credits

Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:03 Feb, 2026 | 16:58
Updated At:04 Feb, 2026 | 16:51
Rejected At:
▼CVE Numbering Authority (CNA)
Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.

Affected Products
Vendor
gunet
Product
openeclass
Versions
Affected
  • < 4.2
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352: Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/gunet/openeclass/security/advisories/GHSA-cgmh-73qg-28fm
x_refsource_CONFIRM
Hyperlink: https://github.com/gunet/openeclass/security/advisories/GHSA-cgmh-73qg-28fm
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:03 Feb, 2026 | 18:16
Updated At:10 Feb, 2026 | 18:47

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CPE Matches
gunet
gunet
>>open_eclass_platform>>Versions before 4.2(exclusive)
cpe:2.3:a:gunet:open_eclass_platform:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity-advisories@github.com
CWE ID: CWE-352
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/gunet/openeclass/security/advisories/GHSA-cgmh-73qg-28fmsecurity-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/gunet/openeclass/security/advisories/GHSA-cgmh-73qg-28fm
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

534Records found
CVE-2020-4675
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.52%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 16:50
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324.

Action-Not Available
Vendor-IBM CorporationopenSUSELinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelopensuselinux_on_ibm_zwindowsinfosphere_master_data_management_serveraixInfoSphere Master Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5790
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.67% / 85.47%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:20
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xiNagios XI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4773
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:05
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCuram SPM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4301
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.30%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3057
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 15:01
Updated-21 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4286
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.52%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 13:15
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_server_on_cloudinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36633
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.55%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 12:11
Updated-17 May, 2024 | 01:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
moodle-block_sitenews block_sitenews.php get_content cross-site request forgery

A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879.

Action-Not Available
Vendor-moodle-block_sitenews_projectn/a
Product-moodle-block_sitenewsmoodle-block_sitenews
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36534
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.26%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 19:10
Updated-15 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
easyii CMS out cross-site request forgery

A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-easyiicmseasyii
Product-easyiicmsCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 14:31
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 17:49
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)

Action-Not Available
Vendor-n/aImagely, LLC (Imagely)
Product-nextgen_galleryn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.36%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 15:52
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).

Action-Not Available
Vendor-bloofoxn/a
Product-bloofoxcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 02:56
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-policy_authority_for_unified_communicationsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36504
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 08:45
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog

Action-Not Available
Vendor-wp-pro-quiz_projectUnknown
Product-wp-pro-quizWp-Pro-Quiz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-3124
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:25
Updated-13 Nov, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hosted_collaboration_mediation_fulfillmentCisco Hosted Collaboration Mediation Fulfillment
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-3261
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.29% / 52.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 20:11
Updated-15 Nov, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562icatalyst_iw6300aironet_1830_firmwareaironet_3800eaironet_1542d_firmwareaironet_3800i_firmwareaironet_1850aironet_1562eaironet_3800e_firmwareaironet_2800i_firmwareaironet_1542iaironet_2800iaironet_3800paironet_1830aironet_3800p_firmwareaironet_1815aironet_4800aironet_1542daironet_4800_firmwareaironet_1542i_firmwarecatalyst_iw6300_firmwareaironet_1562d6300_series_access_pointsaironet_1562d_firmwareaironet_2800e_firmwareaironet_3800iaironet_1850_firmwareaironet_1840aironet_1562e_firmwareaironet_1562i_firmware6300_series_access_points_firmwareaironet_2800eaironet_1815_firmwareaironet_1840_firmwareCisco Mobility Express
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 03:05
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.

Action-Not Available
Vendor-cxuun/a
Product-cxuucmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-29292
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.09%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 16:11
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses.

Action-Not Available
Vendor-iballn/a
Product-wrd12en_firmwarewrd12enn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-28846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 15:49
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27265
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.04% / 10.54%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 18:37
Updated-02 Aug, 2024 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Integration Bus for z/OS cross-site request forgery

IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsintegration_buslinux_kernelz\/osIntegration Bus for z/OS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-25986
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.64%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 12:51
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.

Action-Not Available
Vendor-monocmsn/a
Product-monocmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-25472
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 14:28
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

Action-Not Available
Vendor-newsscriptphpn/a
Product-news_script_php_pron/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-25408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 12:45
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data.

Action-Not Available
Vendor-college_management_system_projectn/a
Product-college_management_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-24739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.20%
||
7 Day CHG~0.00%
Published-10 Sep, 2020 | 13:17
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22361
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.03%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 15:45
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2192
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.89%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.

Action-Not Available
Vendor-Jenkins
Product-self-organizing_swarm_modulesJenkins Self-Organizing Swarm Plug-in Modules Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2295
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.09%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.

Action-Not Available
Vendor-barchartJenkins
Product-maven_cascade_releaseJenkins Maven Cascade Release Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.47%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 17:44
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.

Action-Not Available
Vendor-mipcmsn/a
Product-mipcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-18889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.91%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 16:54
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.

Action-Not Available
Vendor-puppycmsn/a
Product-puppycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 22:37
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users.

Action-Not Available
Vendor-wagecms_projectn/a
Product-wage-cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.20%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 21:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.

Action-Not Available
Vendor-wtcms_projectn/a
Product-wtcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.58%
||
7 Day CHG~0.00%
Published-14 Oct, 2021 | 14:17
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

Action-Not Available
Vendor-phpmywindn/a
Product-phpmywindn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 04:00
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.

Action-Not Available
Vendor-white_shark_systems_projectn/a
Product-white_shark_systemsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2355
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.7||MEDIUM
EPSS-0.13% / 32.07%
||
7 Day CHG~0.00%
Published-08 Aug, 2022 | 13:46
Updated-24 Sep, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin

Action-Not Available
Vendor-easy_username_updater_projectUnknown
Product-easy_username_updaterEasy Username Updater
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-18151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 18:18
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.

Action-Not Available
Vendor-thinkcmfn/a
Product-thinkcmfn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-17901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.09%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 18:22
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

Action-Not Available
Vendor-pbootcmsn/a
Product-pbootcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-23052
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.20%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 21:56
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.

Action-Not Available
Vendor-petereport_projectn/a
Product-petereportPeTeReport
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-18123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.20%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 16:04
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts.

Action-Not Available
Vendor-indexhibitn/a
Product-indexhibitn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-20735
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:20
Updated-06 Nov, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-14989
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 18:14
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.

Action-Not Available
Vendor-bloomreachn/a
Product-experience_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1624
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-latest_tweets_widget_projectUnknown
Product-latest_tweets_widgetLatest Tweets Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1608
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF

The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-byonepressUnknown
Product-social_lockerOnePress Social Locker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1967
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 13:05
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Championship < 9.3 - Multiple CSRF

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Action-Not Available
Vendor-wp-championship_projectUnknown
Product-wp-championshipWP Championship
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1630
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:25
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP-Email < 2.69.0 - Log Deletion via CSRF

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack

Action-Not Available
Vendor-wp-email_projectUnknown
Product-wp-emailWP-EMail
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 17:48
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses.

Action-Not Available
Vendor-iballn/a
Product-wrb303nwrb303n_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1828
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:26
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-pdf24_articles_to_pdf_projectUnknown
Product-pdf24_articles_to_pdfPDF24 Articles To PDF
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1610
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:25
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF

The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-seamless_donations_projectUnknown
Product-seamless_donationsSeamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1612
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF

The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-webritiUnknown
Product-webriti_smtp_mailWebriti SMTP Mail
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22359
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.53%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.

Action-Not Available
Vendor-IBM Corporation
Product-partner_engagement_managerpartner_engagement_manager_on_cloud\/saasSterling Partner Engagement Manager on CloudSterling Partner Engagement Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1422
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:50
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discy < 5.2 - Restore Default Settings via CSRF

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

Action-Not Available
Vendor-2codeUnknown
Product-discyDiscy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1761
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF

The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.

Action-Not Available
Vendor-peter\'s_collaboration_e-mails_projectUnknown
Product-peter\'s_collaboration_e-mailsPeter’s Collaboration E-mails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 10
  • 11
  • Next
Details not found