CVE-2024-41811

LOW Year: 2024
CVSS v3 Score
3.9
Low
Weakness Type
CWE-352
View all →

Vulnerability Description

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

Related Vulnerabilities

CVE-2022-22348

MEDIUM
CVSS:4.0(Medium)

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administra...

CWE-3522022

CVE-2022-41925

LOW
CVSS:3.8(Low)

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the pee...

CWE-3522022

CVE-2024-35039

LOW
CVSS:3.8(Low)

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

CWE-3522024

CVE-2024-39156

LOW
CVSS:3.8(Low)

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.

CWE-3522024

CVE-2024-39157

LOW
CVSS:3.8(Low)

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.

CWE-3522024

CVE-2024-4328

MEDIUM
CVSS:4.0(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear...

CWE-3522024