Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,362)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-43407 1Jenkins 1Pipeline\ Jun 17, 2026 Oct 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given '...Show more Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.Show less
CVE-2022-41500 1Eyoucms 1Eyoucms Jun 17, 2026 Oct 18, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
CVE-2022-3585 1Oretnom23 1Simple Cold Storage Management System Jun 17, 2026 Oct 18, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The ma...Show more A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability.Show less
CVE-2022-3582 1Oretnom23 1Simple Cold Storage Management System Jun 17, 2026 Oct 18, 2022 N/A· v4 3.5 LOW· v3 N/A· v2 A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument chang...Show more A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability.Show less
CVE-2020-8976 1Zigor 1Zgr Tps200 Ng Firmware Jun 17, 2026 Oct 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user ha...Show more The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.Show less
CVE-2022-23771 1Iptime 3Nas1dual Firmware Nas2dual FirmwareNas4dual Firmware Jun 17, 2026 Oct 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker c...Show more This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.Show less
CVE-2022-3151 1Wp Custom Cursors Project 1Wp Custom Cursors Jun 17, 2026 Oct 17, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.
CVE-2022-3149 1Wp Custom Cursors Project 1Wp Custom Cursors Jun 17, 2026 Oct 17, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthe...Show more The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site ScriptingShow less
CVE-2022-3126 1Najeebmedia 1Frontend File Manager Plugin Jun 17, 2026 Oct 17, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
CVE-2022-3082 1Miniorange 1Discord Integration Jun 17, 2026 Oct 17, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for ex...Show more The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for exampleShow less
CVE-2022-42070 1Oretnom23 1Online Birth Certificate Management System Jun 17, 2026 Oct 14, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2022-35611 1Bevywise 1Mqttroute Jun 17, 2026 Oct 13, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.
CVE-2022-41489 1Wayos 6Lq 04 Firmware Lq 05 FirmwareLq 06 Firmware+3 more Jun 17, 2026 Oct 13, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack...Show more WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.Show less
CVE-2022-41475 1Rpcms 1Rpcms Jun 17, 2026 Oct 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.
CVE-2022-41474 1Rpcms 1Rpcms Jun 17, 2026 Oct 13, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.
CVE-2022-34020 1Resiot 1Iot Platform And Lorawan Network Server Jun 17, 2026 Oct 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts.
CVE-2022-42087 1Tenda 1Ax1803 Firmware Jun 17, 2026 Oct 12, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2022-42086 1Tenda 1Ax1803 Firmware Jun 17, 2026 Oct 12, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
CVE-2022-42078 1Tenda 1Ac1206 Firmware Jun 17, 2026 Oct 12, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
CVE-2022-42077 1Tenda 1Ac1206 Firmware Jun 17, 2026 Oct 12, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.

Previous 1...271272273...469 Next