Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24780 1Single Post Exporter Project 1Single Post Exporter Jun 17, 2026 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the expor...Show more The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URLShow less
CVE-2021-4092 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Dec 11, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4082 1Pimcore 1Pimcore Jun 17, 2026 Dec 10, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4033 1Kimai 1Kimai 2 Jun 17, 2026 Dec 9, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2020-19682 1Zzzcms 1Zzzcms Jun 17, 2026 Dec 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php.
CVE-2021-4049 1Livehelperchat 1Live Helper Chat Jun 17, 2026 Dec 7, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-31631 1B2evolution 1B2evolution Cms Jun 17, 2026 Dec 6, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.
CVE-2021-35242 1Solarwinds 1Serv U Jun 17, 2026 Dec 6, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Serv-U server responds with valid CSRFToken when the request contains only Session.
CVE-2021-24914 1Tawk 1Tawk.to Live Chat Jun 17, 2026 Dec 6, 2021 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-pri...Show more The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-id' parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, ...). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages.Show less
CVE-2021-4005 1Firefly Iii 1Firefly Iii Jun 17, 2026 Dec 4, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-29756 2Ibm Netapp 2Cognos Analytics Oncommand Insight Jun 17, 2026 Dec 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...Show more IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.Show less
CVE-2015-20105 1Cbads 1Clickbank Affiliate Ads Nov 21, 2024 Dec 2, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escapi...Show more The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issuesShow less
CVE-2021-3944 1Bookstackapp 1Bookstack Jun 17, 2026 Dec 2, 2021 N/A· v4 6.8 MEDIUM· v3 4.0 MEDIUM· v2 bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-44227 2Debian Gnu 2Debian Linux Mailman Jun 17, 2026 Dec 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
CVE-2021-43137 1Phpgurukul 1Hostel Management System Jun 17, 2026 Dec 1, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
CVE-2021-4017 1Showdoc 1Showdoc Jun 17, 2026 Dec 1, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4015 1Firefly Iii 1Firefly Iii Jun 17, 2026 Dec 1, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3993 1Showdoc 1Showdoc Jun 17, 2026 Dec 1, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-20860 1Elecom 14Edwrc 2533gst2 Firmware Wrc 1167gst2 FirmwareWrc 1167gst2a Firmware+11 more Jun 17, 2026 Dec 1, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 a...Show more Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page.Show less
CVE-2021-20851 1Browser And Operating System Finder Project 1Browser And Operating System Finder Jun 17, 2026 Dec 1, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vecto...Show more Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors.Show less

Previous 1...300301302...468 Next