Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-3135 1Cisco 1Unified Communications Manager Jun 17, 2026 Sep 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected dev...Show more A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.Show less
CVE-2020-3124 1Cisco 1Hosted Collaboration Mediation Fulfillment Jun 17, 2026 Sep 23, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected...Show more A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.Show less
CVE-2019-16009 1Cisco 2Ios Ios Xe Jun 17, 2026 Sep 23, 2020 N/A· v4 8.8 HIGH· v3 7.6 HIGH· v2 A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due t...Show more A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.Show less
CVE-2020-14025 1Ozeki 1Ozeki Ng Sms Gateway Jun 17, 2026 Sep 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password...Show more Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.Show less
CVE-2020-4617 1Ibm 1Data Risk Manager Jun 17, 2026 Sep 22, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID:...Show more IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930.Show less
CVE-2020-14506 1Philips 1Clinical Collaboration Platform Jun 17, 2026 Sep 18, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data saf...Show more Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.Show less
CVE-2020-15182 2Soy Cms Project Soy Inquiry Project 2Soy Cms Soy Inquiry Jun 17, 2026 Sep 17, 2020 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers t...Show more The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328.Show less
CVE-2020-24373 1Free 5Freebox Delta Firmware Freebox Mini FirmwareFreebox One Firmware+2 more Jun 17, 2026 Sep 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
CVE-2020-13259 1Rad 1Secflow 1v Firmware Jun 17, 2026 Sep 16, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected syst...Show more A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.Show less
CVE-2020-25015 1Genexis 1Platinum 4410 Firmware Jun 17, 2026 Sep 16, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could...Show more A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.Show less
CVE-2020-2273 1Jenkins 1Elastest Jun 17, 2026 Sep 16, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2020-2268 1Jenkins 1Mongodb Jun 17, 2026 Sep 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
CVE-2020-25453 1Blackcat Cms 1Blackcat Cms Jun 17, 2026 Sep 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
CVE-2020-4526 1Ibm 1Maximo Asset Management Jun 17, 2026 Sep 15, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-F...Show more IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.Show less
CVE-2020-23451 1Spiceworks 1Spiceworks Jun 17, 2026 Sep 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
CVE-2020-10229 1Vtenext 1Vtenext Jun 17, 2026 Sep 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
CVE-2020-23824 1Argosoft 1Mail Server Jun 17, 2026 Sep 11, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/u...Show more ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF.Show less
CVE-2018-19948 1Qnap 1Helpdesk Nov 21, 2024 Sep 11, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions th...Show more The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.Show less
CVE-2020-25252 1Hyland 1Onbase Jun 17, 2026 Sep 11, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform acti...Show more An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).Show less
CVE-2020-24739 1Idreamsoft 1Icms Jun 17, 2026 Sep 10, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be dele...Show more A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.Show less

Previous 1...326327328...468 Next