Total
7675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36579 | 1 Wellcms | 1 Wellcms | 2024-11-21 | N/A | 8.8 HIGH |
| Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. | |||||
| CVE-2022-36546 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | N/A | 8.8 HIGH |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | |||||
| CVE-2022-36417 | 1 3d Tag Cloud Project | 1 3d Tag Cloud | 2024-11-21 | N/A | 6.1 MEDIUM |
| Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. | |||||
| CVE-2022-36404 | 1 Coleds | 1 Simple Seo | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | |||||
| CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | |||||
| CVE-2022-36389 | 1 Wordplus | 1 Better Messages | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | |||||
| CVE-2022-36388 | 1 Ydesignservices | 1 Yds Support Ticket System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. | |||||
| CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
| CVE-2022-36373 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. | |||||
| CVE-2022-36358 | 1 Seoscout | 1 Seo Scout | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. | |||||
| CVE-2022-36346 | 1 Maxfoundry | 1 Maxbuttons | 2024-11-21 | N/A | 4.3 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | |||||
| CVE-2022-36345 | 1 Metagauss | 1 Download Plugin | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions. | |||||
| CVE-2022-36312 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-36292 | 1 Wpchill | 1 Gallery Photoblocks | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | |||||
| CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 8.8 HIGH |
| EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | |||||
| CVE-2022-36224 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 8.8 HIGH |
| XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-36095 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.3 MEDIUM |
| XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there. | |||||
| CVE-2022-36076 | 1 Nodebb | 1 Nodebb | 2024-11-21 | N/A | 8.8 HIGH |
| NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. | |||||
| CVE-2022-35943 | 1 Codeigniter | 2 Codeigniter, Shield | 2024-11-21 | N/A | 5.9 MEDIUM |
| Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match) | |||||