Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,360)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27846 1Yooslider 1Yoo Slider Jun 17, 2026 Apr 13, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider.
CVE-2022-22959 1Vmware 5Cloud Foundation Identity ManagerVrealize Automation+2 more Jun 17, 2026 Apr 13, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validat...Show more VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.Show less
CVE-2022-26589 1Pluck Cms 1Pluck Jun 17, 2026 Apr 13, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
CVE-2022-29050 1Jenkins 1Publish Over Ftp Jun 17, 2026 Apr 12, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.
CVE-2022-29048 2Apple Jenkins 2Macos Subversion Jun 17, 2026 Apr 12, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2021-36914 1Claderaform 1Calderawp License Manager Jun 17, 2026 Apr 12, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11.
CVE-2022-0141 1Vfbpro 1Visual Form Builder Jun 17, 2026 Apr 12, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks
CVE-2022-25754 1Siemens 23Scalance X302 7eec Firmware Scalance X304 2fe FirmwareScalance X306 1ldfe Firmware+20 more Jun 17, 2026 Apr 12, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x...Show more A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.Show less
CVE-2022-25615 1Stylemixthemes 1Eroom Zoom Meetings & Webinar Jun 17, 2026 Apr 11, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.
CVE-2022-25614 1Stylemixthemes 1Eroom Zoom Meetings & Webinar Jun 17, 2026 Apr 11, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.
CVE-2022-0914 1Atlasgondal 1Export All Urls Jun 17, 2026 Apr 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbi...Show more The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for exampleShow less
CVE-2021-32162 1Webmin 1Webmin Jun 17, 2026 Apr 11, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVE-2021-32159 1Webmin 1Webmin Jun 17, 2026 Apr 11, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVE-2021-32156 1Webmin 1Webmin Jun 17, 2026 Apr 11, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVE-2022-26588 1Icehrm 1Icehrm Jun 17, 2026 Apr 8, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.
CVE-2022-26180 1Qdpm 1Qdpm Jun 17, 2026 Apr 8, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
CVE-2020-4668 1Ibm 1Sterling B2b Integrator Jun 17, 2026 Apr 8, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized a...Show more IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.Show less
CVE-2022-20774 1Cisco 17Ip Phone 6825 Firmware Ip Phone 6841 FirmwareIp Phone 6851 Firmware+14 more Jun 17, 2026 Apr 6, 2022 N/A· v4 8.1 HIGH· v3 4.9 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSR...Show more A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.Show less
CVE-2021-41245 1Combodo 1Itop Jun 17, 2026 Apr 5, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this is...Show more Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.Show less
CVE-2022-0830 1Formbuilder Project 1Formbuilder Jun 17, 2026 Apr 4, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make...Show more The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.Show less

Previous 1...290291292...468 Next