CWE-352

9,359 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

Columns: CVE | Vendors | Products | Updated | Published | CVSS (v4 / v3 / v2)
Vendor: Ui. Products: Edgemax Edgepower 24v Firmware; Edgemax Edgepower 54v Firmware. Updated: Jun 17, 2026. Published: Dec 14, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.

Vendor: Openasset. Product: Digital Asset Management. Updated: Jun 17, 2026. Published: Dec 14, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.

Vendor: Tiki. Product: Tikiwiki Cms/groupware. Updated: Jun 17, 2026. Published: Dec 11, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include allowing attackers to submit their own code through an authenticated user, resulting in local file inclusion. If an authenticated user who is able to edit TikiWiki templates visits a malicious website, template code can be edited.

Vendor: Opencart. Product: Opencart. Updated: Jun 17, 2026. Published: Dec 11, 2020. CVSS: v4 N/A; v3 3.5 LOW; v2 3.5 LOW.
Cross Site Request Forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart.

Vendor: Infolific. Product: Ultimate Category Excluder. Updated: Jun 17, 2026. Published: Dec 11, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.

Vendor: Jenkins. Product: Shelve Project. Updated: Jun 17, 2026. Published: Dec 3, 2020. CVSS: v4 N/A; v3 8.1 HIGH; v2 5.8 MEDIUM.
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.

Vendor: Redhat. Product: Cloudforms. Updated: Jun 17, 2026. Published: Dec 2, 2020. CVSS: v4 N/A; v3 6.3 MEDIUM; v2 6.8 MEDIUM.
This release fixes a Cross Site Request Forgery vulnerability that was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forged HTTP request to the server by crafting a custom flash file which can force the user to perform state-changing requests like provisioning VMs, running ansible playbooks and so forth.

Vendor: Textpattern. Product: Textpattern. Updated: Jun 17, 2026. Published: Dec 2, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.

Vendor: Hcltech. Product: Hcl Domino. Updated: Jun 17, 2026. Published: Nov 30, 2020. CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM.
HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.

Vendor: Pbootcms. Product: Pbootcms. Updated: Jun 17, 2026. Published: Nov 30, 2020. CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM.
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

Vendor: Softwaremill. Product: Akka Http Session. Updated: Jun 17, 2026. Published: Nov 27, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.

Vendor: Cloudera. Product: Data Engineering. Updated: Jun 17, 2026. Published: Nov 26, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.

Vendor: Fastweb. Product: Fastgate Gpon Fga2130fwb Firmware. Updated: Jun 17, 2026. Published: Nov 24, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.

Vendor: Newsscriptphp. Product: News Script Php Pro. Updated: Jun 17, 2026. Published: Nov 24, 2020. CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM.
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

Vendor: Netgear. Product: Gs108ev3 Firmware. Updated: Jun 17, 2026. Published: Nov 24, 2020. CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM.
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators, and the product's settings may be changed without the user's intention or consent via unspecified vectors.

Vendor: Gitlab. Product: Gitlab. Updated: Jun 17, 2026. Published: Nov 17, 2020. CVSS: v4 N/A; v3 4.3 MEDIUM; v2 4.3 MEDIUM.
CSRF in the runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2; >=13.4.0, <13.4.5; <13.3.9.

Vendor: Orbisius. Product: Child Theme Creator. Updated: Jun 17, 2026. Published: Nov 16, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.

Vendor: Mcafee. Product: Endpoint Security. Updated: Jun 17, 2026. Published: Nov 12, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

Vendor: Intelliants. Product: Subrion Cms. Updated: Jun 17, 2026. Published: Nov 10, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.

Vendor: Tibco. Product: Iprocess Workspace Browser. Updated: Jun 17, 2026. Published: Nov 10, 2020. CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM.
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.