Vulnerabilities of type CWE-352

5677 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2019-18271 | | OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be i | 0.6% |
| CVE-2022-0134 | | AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF | 0.6% |
| CVE-2021-25930 | MEDIUM | In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through | 0.6% |
| CVE-2021-24696 | | Simple Download Monitor < 3.9.9 - Multiple CSRF | 0.6% |
| CVE-2018-13800 | | A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-S | 0.6% |
| CVE-2022-0914 | | Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF | 0.6% |
| CVE-2023-37277 | CRITICAL | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API | 0.6% |
| CVE-2021-3944 | LOW | Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack | 0.6% |
| CVE-2021-41113 | HIGH | Cross-Site-Request-Forgery in Backend URI Handling in Typo3 | 0.6% |
| CVE-2021-24803 | | Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF | 0.6% |
| CVE-2021-24487 | | St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting | 0.6% |
| CVE-2022-0499 | | Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF | 0.6% |
| CVE-2020-15156 | MEDIUM | XSS due to lack of CSRF validation for replying/publishing | 0.6% |
| CVE-2022-47130 | MEDIUM | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with admin | 0.6% |
| CVE-2021-39197 | MEDIUM | Cross-Site Request Forgery in better_errors | 0.6% |
| CVE-2022-20853 | HIGH | Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability | 0.6% |
| CVE-2021-4168 | MEDIUM | Cross-Site Request Forgery (CSRF) in star7th/showdoc | 0.6% |
| CVE-2021-24328 | | WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) | 0.6% |
| CVE-2021-24804 | | Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF | 0.6% |
| CVE-2022-1599 | | Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF | 0.6% |