Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,356)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-19517 1Intelbras 1Action Rf 1200 Firmware Jun 17, 2026 May 5, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.
CVE-2020-5335 1Rsa 1Archer Jun 17, 2026 May 4, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to...Show more RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.Show less
CVE-2020-12626 2Debian Roundcube 2Debian Linux Webmail Jun 17, 2026 May 4, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
CVE-2019-0235 1Apache 1Ofbiz Jun 17, 2026 Apr 30, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.
CVE-2020-12462 1Ninjaforms 1Ninja Forms Jun 17, 2026 Apr 29, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
CVE-2017-18861 1Netgear 1Readynas Surveillance Nov 21, 2024 Apr 28, 2020 N/A· v4 8.0 HIGH· v3 7.9 HIGH· v2 Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
CVE-2016-11055 1Netgear 13Cm400 Firmware Cm600 FirmwareD1500 Firmware+10 more Nov 21, 2024 Apr 28, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR20...Show more Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.Show less
CVE-2018-21096 1Netgear 11Wac120 Firmware Wac505 FirmwareWac510 Firmware+8 more Nov 21, 2024 Apr 27, 2020 N/A· v4 7.4 HIGH· v3 4.9 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before...Show more Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.Show less
CVE-2019-4750 1Ibm 1Cloud App Management Jun 17, 2026 Apr 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM...Show more IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 173310.Show less
CVE-2017-18703 1Netgear 28D1500 Firmware D500 FirmwareD6100 Firmware+25 more Nov 21, 2024 Apr 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1...Show more Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.Show less
CVE-2017-18708 1Netgear 2R8300 Firmware R8500 Firmware Nov 21, 2024 Apr 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.
CVE-2018-21160 1Netgear 1Readynas Os Nov 21, 2024 Apr 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.
CVE-2018-21102 1Netgear 1Readynas Os Firmware Nov 21, 2024 Apr 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.
CVE-2017-18749 1Netgear 16Jnr1010 Firmware Jr6150 FirmwareJwnr2010 Firmware+13 more Nov 21, 2024 Apr 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before...Show more Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Show less
CVE-2017-18742 1Netgear 10Jr6150 Firmware R6050 FirmwareR6250 Firmware+7 more Nov 21, 2024 Apr 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0...Show more Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.Show less
CVE-2020-12076 1Supsystic 1Data Tables Generator Jun 17, 2026 Apr 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.
CVE-2020-10892 1Foxitsoftware 2Phantompdf Reader Jun 17, 2026 Apr 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the CombineFiles command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9830.Show less
CVE-2020-10890 1Foxitsoftware 2Phantompdf Reader Jun 17, 2026 Apr 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the ConvertToPDF command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9829.Show less
CVE-2017-18755 1Netgear 15Dgn2200 Firmware Dgnd2200b FirmwareJr6150 Firmware+12 more Nov 21, 2024 Apr 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0...Show more Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.Show less
CVE-2018-21120 1Netgear 11Wac120 Firmware Wac505 FirmwareWac510 Firmware+8 more Nov 21, 2024 Apr 22, 2020 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before...Show more Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.Show less

Previous 1...332333334...468 Next