Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32403 1Intelbras 1Rf 301k Firmware Jun 17, 2026 May 17, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
CVE-2021-32402 1Intelbras 1Rf 301k Firmware Jun 17, 2026 May 17, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
CVE-2021-32073 1Dedecms 1Dedecms Jun 17, 2026 May 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2020-18964 1Forestblog Project 1Forestblog Jun 17, 2026 May 11, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
CVE-2021-21655 1Jenkins 1P4 Jun 17, 2026 May 11, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2021-21652 1Jenkins 1Xray Test Management For Jira Jun 17, 2026 May 11, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obta...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2020-23376 15none 1Nonecms Jun 17, 2026 May 10, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a store...Show more NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.Show less
CVE-2020-19199 1Phpok 1Phpok Jun 17, 2026 May 10, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
CVE-2021-32096 1Nsa 1Emissary Jun 17, 2026 May 7, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.
CVE-2020-23264 1Fork Cms 1Fork Cms Jun 17, 2026 May 6, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.
CVE-2020-18889 1Puppycms 1Puppycms Jun 17, 2026 May 6, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
CVE-2021-24251 1Strategy11 1Business Directory Plugin Easy Listing Directories Jun 17, 2026 May 6, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitr...Show more The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example)Show less
CVE-2021-24249 1Strategy11 1Business Directory Plugin Easy Listing Directories Jun 17, 2026 May 6, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files,...Show more The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etcShow less
CVE-2021-24179 1Strategy11 1Business Directory Plugin Easy Listing Directories Jun 17, 2026 May 6, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. A...Show more The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.Show less
CVE-2021-24178 1Strategy11 1Business Directory Plugin Easy Listing Directories Jun 17, 2026 May 6, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or d...Show more The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.Show less
CVE-2020-23127 1Chamilo 1Chamilo Lms Jun 17, 2026 May 6, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
CVE-2021-24272 1Codeinitiator 1Fitness Calculators Jun 17, 2026 May 5, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted...Show more The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issueShow less
CVE-2020-36334 1Themegrill 1Themegrill Demo Importer Jun 17, 2026 May 5, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
CVE-2021-29238 1Codesys 1Automation Server Jun 17, 2026 May 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
CVE-2021-30224 1Rukovoditel 1Rukovoditel Jun 17, 2026 Apr 29, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.

Previous 1...315316317...468 Next