Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27016 1Trendmicro 1Interscan Messaging Security Virtual Appliance Jun 17, 2026 Nov 9, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated...Show more Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.Show less
CVE-2020-4651 1Ibm 1Maximo Spatial Asset Management Jun 17, 2026 Nov 9, 2020 N/A· v4 4.8 MEDIUM· v3 2.9 LOW· v2 IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user t...Show more IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.Show less
CVE-2020-15259 1Auth0 1Ad/ldap Connector Jun 17, 2026 Nov 6, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a mal...Show more ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13.Show less
CVE-2020-27692 1Imomobile 1Verve Connect Vh510 Firmware Jun 17, 2026 Nov 4, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration s...Show more The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.Show less
CVE-2020-22273 1Creativeitem 1Neoflex Video Subscription System Jun 17, 2026 Nov 4, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)
CVE-2020-2303 1Jenkins 1Active Directory Jun 17, 2026 Nov 4, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directo...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.Show less
CVE-2020-28040 3Canonical DebianWordpress 3Debian Linux Ubuntu LinuxWordpress Jun 17, 2026 Nov 2, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
CVE-2020-11485 1Intel 1Bmc Firmware Jun 17, 2026 Oct 29, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whet...Show more NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution.Show less
CVE-2020-16256 1Winstonprivacy 1Winston Firmware Jun 17, 2026 Oct 28, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The API on Winston 1.5.4 devices is vulnerable to CSRF.
CVE-2020-27975 1Oscommerce 1Oscommerce Jun 17, 2026 Oct 28, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.
CVE-2020-24847 1Fruitywifi Project 1Fruitywifi Jun 17, 2026 Oct 23, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by...Show more A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase.Show less
CVE-2020-18129 1Eyoucms 1Eyoucms Jun 17, 2026 Oct 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
CVE-2020-24033 1Fs 1S3900 24t4s Firmware Jun 17, 2026 Oct 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator...Show more An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges.Show less
CVE-2020-3456 1Cisco 1Firepower Extensible Operating System Jun 17, 2026 Oct 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected devi...Show more A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user.Show less
CVE-2020-5790 1Nagios 1Nagios Xi Jun 17, 2026 Oct 20, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-12502 2Korenix Pepperl Fuchs 23Es7506 Firmware Es7510 Xt FirmwareEs7510 Firmware+20 more Jun 17, 2026 Oct 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and...Show more Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.Show less
CVE-2020-5642 1Onwebchat 1Live Chat Live Support Jun 17, 2026 Oct 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-4773 1Ibm 1Curam Social Program Management Jun 17, 2026 Oct 12, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are c...Show more A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.Show less
CVE-2020-26912 1Netgear 14D6200 Firmware D7000 FirmwareJr6150 Firmware+11 more Jun 17, 2026 Oct 9, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66...Show more Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.Show less
CVE-2020-26522 1Garfield Petshop Project 1Garfield Petshop Jun 17, 2026 Oct 9, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new admini...Show more A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.Show less

Previous 1...324325326...468 Next