Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7480 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-39154 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.
CVE-2024-39155 1 Idccms 1 Idccms 2025-04-15 N/A 6.8 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.
CVE-2024-39156 1 Idccms 1 Idccms 2025-04-15 N/A 3.8 LOW
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
CVE-2024-39157 1 Idccms 1 Idccms 2025-04-15 N/A 3.8 LOW
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
CVE-2024-39158 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
CVE-2024-40035 1 Idccms 1 Idccms 2025-04-15 N/A 5.9 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.
CVE-2024-40038 1 Idccms 1 Idccms 2025-04-15 N/A 5.3 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev
CVE-2024-40328 1 Idccms 1 Idccms 2025-04-15 N/A 6.3 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6
CVE-2024-40329 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup
CVE-2024-40331 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup
CVE-2024-33829 1 Idccms 1 Idccms 2025-04-15 N/A 5.4 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
CVE-2024-35010 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
CVE-2024-35009 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
CVE-2024-33830 1 Idccms 1 Idccms 2025-04-15 N/A 8.1 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
CVE-2022-46491 1 Nbnbk Project 1 Nbnbk 2025-04-15 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.
CVE-2022-2846 1 Dwbooster 1 Calendar Event Multi View 2025-04-15 N/A 4.3 MEDIUM
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.
CVE-2022-46853 1 Radiustheme 1 The Post Grid 2025-04-15 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions.
CVE-2022-4124 1 Popup Manager Project 1 Popup Manager 2025-04-14 N/A 4.3 MEDIUM
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
CVE-2024-54357 1 Theme-fusion 1 Avada 2025-04-14 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.
CVE-2020-28191 1 Togglz 1 Togglz 2025-04-14 N/A 8.8 HIGH
The console in Togglz before 2.9.4 allows CSRF.