Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,361)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-3098 1Thoughtbot 1Administrate Nov 21, 2024 Aug 5, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
CVE-2022-34158 1Apache 1Jspwiki Jun 17, 2026 Aug 4, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of thi...Show more A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.Show less
CVE-2022-28731 1Apache 1Jspwiki Jun 17, 2026 Aug 4, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a...Show more A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.Show less
CVE-2022-34937 1Yuba 1U5cms Jun 17, 2026 Aug 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.
CVE-2022-36968 1Progress 1Ipswitch Ws Ftp Server Jun 17, 2026 Aug 2, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.
CVE-2022-34161 1Ibm 1Cics Tx Jun 17, 2026 Aug 1, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.
CVE-2022-2260 1Givewp 1Givewp Jun 17, 2026 Aug 1, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web s...Show more The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target's CPU.Show less
CVE-2022-2245 1Wow Company 1Counter Box Jun 17, 2026 Aug 1, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
CVE-2022-2184 1Wpwhitesecurity 1Captcha 4wp Jun 17, 2026 Aug 1, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitr...Show more The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.Show less
CVE-2022-2171 1Crowdfavorite 1Progressive License Jun 17, 2026 Aug 1, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HT...Show more The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.Show less
CVE-2022-26309 1Pandorafms 1Pandora Fms Jun 17, 2026 Aug 1, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.
CVE-2022-36920 1Jenkins 1Coverity Jun 17, 2026 Jul 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2022-36916 1Jenkins 1Google Cloud Backup Jun 17, 2026 Jul 27, 2022 N/A· v4 8.0 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup.
CVE-2022-36911 1Jenkins 1Openstack Heat Jun 17, 2026 Jul 27, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-36908 1Jenkins 1Openshift Deployer Jun 17, 2026 Jul 27, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file syste...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.Show less
CVE-2022-36906 1Jenkins 1Openshift Deployer Jun 17, 2026 Jul 27, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
CVE-2022-36887 1Jenkins 1Job Configuration History Jun 17, 2026 Jul 27, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or res...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.Show less
CVE-2022-36886 1Jenkins 1External Monitor Job Type Jun 17, 2026 Jul 27, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.
CVE-2022-36882 1Jenkins 1Git Jun 17, 2026 Jul 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.Show less
CVE-2022-35286 1Ibm 1Security Verify Information Queue Jun 17, 2026 Jul 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-...Show more IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.Show less

Previous 1...278279280...469 Next