Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-50766 1Jenkins 1Nexus Platform Jun 17, 2026 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
CVE-2023-47326 1Silverpeas 1Silverpeas Jun 17, 2026 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
CVE-2023-47322 1Silverpeas 1Silverpeas Jun 17, 2026 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpea...Show more The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.Show less
CVE-2022-27488 1Fortinet 6Fortiai FortimailFortindr+3 more Jun 17, 2026 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3,...Show more A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.Show less
CVE-2023-47578 1Relyum 2Rely Pcie Firmware Rely Rec Firmware Jun 17, 2026 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.
CVE-2023-45316 1Mattermost 1Mattermost Server Jun 17, 2026 Dec 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different e...Show more Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. Show less
CVE-2023-6671 1Openjournalsystems 1Open Journal Systems Jun 17, 2026 Dec 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
CVE-2023-6653 1Phpgurukul 1Teacher Subject Allocation Management System Jun 17, 2026 Dec 10, 2023 N/A· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the compo...Show more A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.Show less
CVE-2023-5756 1Supsystic 1Digital Publications By Supsystic Jun 17, 2026 Dec 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action hand...Show more The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-49448 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
CVE-2023-49447 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
CVE-2023-49446 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
CVE-2023-49398 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
CVE-2023-49397 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
CVE-2023-49396 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
CVE-2023-49395 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
CVE-2023-49383 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
CVE-2023-49382 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
CVE-2023-49381 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
CVE-2023-49380 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.

Previous 1...202203204...468 Next