Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,358)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-2237 1Jenkins 1Flaky Test Handler Jun 17, 2026 Aug 12, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
CVE-2020-2235 1Jenkins 1Pipeline Maven Integration Jun 17, 2026 Aug 12, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obta...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.Show less
CVE-2020-7029 1Avaya 2Aura Communication Manager Aura Messaging Jun 17, 2026 Aug 11, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenti...Show more A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.Show less
CVE-2020-12781 1Combodo 1Itop Jun 17, 2026 Aug 10, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
CVE-2020-16253 1Pghero Project 1Pghero Jun 17, 2026 Aug 5, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The PgHero gem through 2.6.0 for Ruby allows CSRF.
CVE-2020-16252 1Field Test Project 1Field Test Jun 17, 2026 Aug 5, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.
CVE-2020-15135 1Save Server Project 1Save Server Jun 17, 2026 Aug 4, 2020 N/A· v4 7.6 HIGH· v3 6.8 MEDIUM· v2 save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0...Show more save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF attack would require you to navigate to a malicious site while you have an active session with Save-Server (Session key stored in cookies). The malicious user would then be able to perform some actions, including uploading/deleting files and adding redirects. If you are logged in as root, this attack is significantly more severe. They can in addition create, delete and update users. If they updated the password of a user, that user's files would then be available. If the root password is updated, all files would be visible if they logged in with the new password. Note that due to the same origin policy malicious actors cannot view the gallery or the response of any of the methods, nor be sure they succeeded. This issue has been patched in version 1.0.7.Show less
CVE-2020-5615 2Calendar01 Project Calendar02 Project 2Calendar01 Calendar02 Jun 17, 2026 Aug 4, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5770 1Teltonika Networks 1Trb245 Firmware Jun 17, 2026 Aug 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-14319 1Redhat 2Amq Online Enmasse Jun 17, 2026 Aug 3, 2020 N/A· v4 5.9 MEDIUM· v3 4.0 MEDIUM· v2 It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an old...Show more It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2.Show less
CVE-2020-10984 1Gambio 1Gambio Gx Jun 17, 2026 Jul 28, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
CVE-2020-5611 1Wpsocialrocket 1Social Sharing Jun 17, 2026 Jul 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-15882 1Munkireport Project 1Munkireport Jun 17, 2026 Jul 23, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database.
CVE-2020-5767 1Icegram 1Email Subscribers & Newsletters Jun 17, 2026 Jul 17, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.
CVE-2020-11438 1Librehealth 1Librehealth Ehr Jun 17, 2026 Jul 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVE-2020-15700 1Joomla 1Joomla Jun 17, 2026 Jul 15, 2020 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
CVE-2020-15695 1Joomla 1Joomla Jun 17, 2026 Jul 15, 2020 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
CVE-2019-12784 1Verint 1Impact 360 Jun 17, 2026 Jul 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" b...Show more An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.Show less
CVE-2020-6289 1Sap 1Disclosure Management Jun 17, 2026 Jul 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site.
CVE-2020-15711 2Misp Misp Project 2Misp Misp Jun 22, 2026 Jul 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.

Previous 1...328329330...468 Next