WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability.
WEBY version 1.2.5 suffers from a cross site request forgery vulnerability.
Red Hat Security Advisory 2023-0560-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.
Red Hat Security Advisory 2023-0017-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, and man-in-the-middle vulnerabilities.
WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, and cross site scripting vulnerabilities.
Medisense-Healthcare Solutions CRM version 2.0 suffers from a cross site request forgery vulnerability.
Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a cross site request forgery vulnerability.
A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.
This Metasploit module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations are unavailable. By default, we write to a script that executes at reboot, which means the payload will execute the next time the server boots. An alternate target - Login - will add a backdoor that executes next time a user logs in interactively. This overwrites a file, but we restore it when we get a session. Note that because this is a CSRF vulnerability, it starts a web server, but an authenticated administrator must visit the site, which redirects them to the target.
Debian Linux Security Advisory 5279-2 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable. This update corrects the problem.
Debian Linux Security Advisory 5279-1 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.
WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.
Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-7519-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.
Multix version 2.4 suffers from a cross site request forgery vulnerability.
Online Employee Leave Management System version 1.0 suffers from a cross site request forgery vulnerability.
WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.
Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.
JM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.
Marval MSM version 14.19.0.12476 suffers from a cross site request forgery vulnerability.
PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability.