CVE-2024-54408

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through 1.9.

Related Vulnerabilities

CVE-2004-1995

MEDIUM
CVSS:6.5(Medium)

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

CWE-3522004

CVE-2005-1674

MEDIUM
CVSS:6.5(Medium)

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

CWE-3522005

CVE-2005-2059

MEDIUM
CVSS:6.5(Medium)

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow r...

CWE-3522005

CVE-2009-3022

MEDIUM
CVSS:6.5(Medium)

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change conten...

CWE-3522009

CVE-2011-3609

MEDIUM
CVSS:6.5(Medium)

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP ...

CWE-3522011

CVE-2011-5250

MEDIUM
CVSS:6.5(Medium)

Snare for Linux before 1.7.0 has CSRF in the web interface.

CWE-3522011