CWE-352

9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

Each entry below gives: vendor | product | updated | published | CVSS (v4 / v3 / v2), followed by the CVE description.

Kjayvik | Bus Ticket Reservation System | Jun 17, 2026 | Aug 23, 2024 | N/A / 9.4 CRITICAL / N/A
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) via /deleteTicket.php.

Jayesh | Hotel Management System | Jun 17, 2026 | Aug 22, 2024 | N/A / 6.8 MEDIUM / N/A
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.

Hono | Hono | Jun 17, 2026 | Aug 22, 2024 | N/A / 5.0 MEDIUM / N/A
Hono is a web application framework that provides support for any JavaScript runtime. The Hono CSRF middleware can be bypassed using a crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, an attacker can bypass the CSRF middleware using an upper-case form-like MIME type. This vulnerability is fixed in 4.5.8.

Ibm | Sterling Connect Direct Web Services | Jun 17, 2026 | Aug 22, 2024 | N/A / 4.3 MEDIUM / N/A
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Mattermost | Mattermost | Jun 17, 2026 | Aug 22, 2024 | N/A / 8.8 HIGH / N/A
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection, which allows for a one-click client-side path traversal that leads to CSRF in the User Management page of the system console.

Retool | Retool | Jun 17, 2026 | Aug 22, 2024 | N/A / 6.5 MEDIUM / N/A
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.

Cisco | Identity Services Engine | Jun 17, 2026 | Aug 21, 2024 | N/A / 8.8 HIGH / N/A
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.

Otasync | Ota Sync Booking Engine Widget | Jun 17, 2026 | Aug 21, 2024 | N/A / 6.1 MEDIUM / N/A
The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasync_widget_settings_fnc() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/admin_page.php?link_id=1&mode=delete

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database

Pligg | Pligg Cms | Jun 17, 2026 | Aug 20, 2024 | N/A / 8.8 HIGH / N/A
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1