Vulnerabilities (CVE)

Filtered by CWE-352
Total 6529 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-10711 1 Ithemelandco 1 Woocommerce Report 2024-11-07 N/A 8.8 HIGH
The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-50466 1 Darkmysite 1 Darkmysite 2024-11-06 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8.
CVE-2024-9990 1 Odude 1 Crypto Tool 2024-11-06 N/A 8.8 HIGH
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-49223 1 Shibulijack 1 Cj Change Howdy 2024-11-06 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1.
CVE-2024-49221 1 Julianweinert 1 Cslider 2024-11-06 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2.
CVE-2024-49220 1 Cookie-scanner 1 Cookie Scanner 2024-11-06 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1.
CVE-2024-49229 1 Arifnezami 1 Better Author Bio 2024-11-06 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11.
CVE-2024-49237 1 Ahmetimamoglu 1 Ahmeti Wp Timeline 2024-11-06 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1.
CVE-2024-51382 2024-11-06 N/A 8.4 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system.
CVE-2024-51381 2024-11-06 N/A 8.4 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control.
CVE-2024-31998 1 Combodo 1 Itop 2024-11-06 N/A 8.8 HIGH
Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-30617 2024-11-05 N/A 5.4 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.
CVE-2024-48057 2024-11-05 N/A 6.1 MEDIUM
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
CVE-2024-10605 1 Fabianros 1 Blood Bank Management System 2024-11-05 5.0 MEDIUM 6.5 MEDIUM
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-45504 2024-11-04 N/A 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
CVE-2024-6959 1 Lollms 1 Lollms Web Ui 2024-11-03 N/A 7.1 HIGH
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.
CVE-2024-10557 1 Fabianros 1 Blood Bank Management System 2024-11-01 5.0 MEDIUM 6.5 MEDIUM
A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-6673 1 Lollms 1 Lollms Web Ui 2024-11-01 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.
CVE-2024-41744 2024-11-01 N/A 6.5 MEDIUM
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-10448 1 Fabianros 1 Blood Bank Management System 2024-11-01 5.0 MEDIUM 6.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.