CVE-2022-22348

MEDIUM Year: 2022
CVSS v3 Score
4.0
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-352
View all →

Vulnerability Description

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.

Related Vulnerabilities

CVE-2024-4328

MEDIUM
CVSS:4.0(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear...

CWE-3522024

CVE-2024-9689

MEDIUM
CVSS:4.1(Medium)

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack

CWE-3522024

CVE-2024-41811

LOW
CVSS:3.9(Low)

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected pr...

CWE-3522024

CVE-2022-41925

LOW
CVSS:3.8(Low)

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the pee...

CWE-3522022

CVE-2024-31205

MEDIUM
CVSS:4.2(Medium)

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) val...

CWE-3522024

CVE-2024-35039

LOW
CVSS:3.8(Low)

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

CWE-3522024