Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-26802 1Formalms 1Formalms Jun 17, 2026 Oct 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeov...Show more forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.Show less
CVE-2020-2296 1Jenkins 1Shared Objects Jun 17, 2026 Oct 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.
CVE-2020-2295 1Barchart 1Maven Cascade Release Jun 17, 2026 Oct 8, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
CVE-2020-25263 1Pyrocms 1Pyrocms Jun 17, 2026 Oct 8, 2020 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
CVE-2020-25262 1Pyrocms 1Pyrocms Jun 17, 2026 Oct 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
CVE-2020-25986 1Monocms 1Monocms Jun 17, 2026 Oct 6, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.
CVE-2020-12123 1Wavlink 1Wn530h4 Firmware Jun 17, 2026 Oct 2, 2020 N/A· v4 8.1 HIGH· v3 7.8 HIGH· v2 CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authentica...Show more CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.Show less
CVE-2020-5786 1Teltonika Networks 1Trb245 Firmware Jun 17, 2026 Oct 1, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-24570 1Mbconnectline 2Mbconnect24 Mymbconnect24 Jun 17, 2026 Sep 30, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged...Show more An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.Show less
CVE-2020-13658 1Lansweeper 1Lansweeper Jun 17, 2026 Sep 30, 2020 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.
CVE-2020-25142 1Observium 1Observium Jun 17, 2026 Sep 25, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests...Show more An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.Show less
CVE-2020-23837 1Multi User Project 1Multi User Jun 17, 2026 Sep 25, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on...Show more A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.Show less
CVE-2020-12841 1Gogogate 1Ismartgate Pro Firmware Jun 17, 2026 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
CVE-2020-12840 1Gogogate 1Ismartgate Pro Firmware Jun 17, 2026 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
CVE-2020-12282 1Gogogate 1Ismartgate Pro Firmware Jun 17, 2026 Sep 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)
CVE-2020-12281 1Gogogate 1Ismartgate Pro Firmware Jun 17, 2026 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
CVE-2020-12280 1Gogogate 1Ismartgate Pro Firmware Jun 17, 2026 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.
CVE-2020-5783 1Ignitenet 1Helios Glinq Jun 17, 2026 Sep 23, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.
CVE-2020-2281 1Jenkins 1Lockable Resources Jun 17, 2026 Sep 23, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.
CVE-2020-2280 1Jenkins 1Warnings Jun 17, 2026 Sep 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.

Previous 1...325326327...468 Next