Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,356)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-18768 1Netgear 6Ex6100 Firmware Ex6150 FirmwareEx6200 Firmware+3 more Nov 21, 2024 Apr 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and...Show more Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.Show less
CVE-2017-18782 1Netgear 18D6200 Firmware D7000 FirmwareJnr1010 Firmware+15 more Nov 21, 2024 Apr 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 befor...Show more Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Show less
CVE-2017-18781 1Netgear 18D6200 Firmware D7000 FirmwareJnr1010 Firmware+15 more Nov 21, 2024 Apr 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 befor...Show more Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Show less
CVE-2017-18775 1Netgear 6R6100 Firmware R7500 FirmwareWndr3700 Firmware+3 more Nov 21, 2024 Apr 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, an...Show more Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.Show less
CVE-2017-18791 1Netgear 13D7000 Firmware Jnr1010 FirmwareJr6150 Firmware+10 more Nov 21, 2024 Apr 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WN...Show more Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.Show less
CVE-2017-18848 1Netgear 4Ac1450 Firmware R6300 FirmwareR7300 Firmware+1 more Nov 21, 2024 Apr 20, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.
CVE-2017-18842 1Netgear 5D2200d Firmware D2200dw 1frnas FirmwareDgn2200 Firmware+2 more Nov 21, 2024 Apr 20, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.
CVE-2017-18852 1Netgear 4R7300dst Firmware R8300 FirmwareR8500 Firmware+1 more Nov 21, 2024 Apr 20, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.
CVE-2020-11825 1Dolibarr 1Dolibarr Erp/crm Jun 17, 2026 Apr 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation...Show more In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.Show less
CVE-2020-11818 1Rukovoditel 1Rukovoditel Jun 17, 2026 Apr 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF atta...Show more In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.Show less
CVE-2019-20691 1Netgear 12D3600 Firmware D6000 FirmwareEx3700 Firmware+9 more Jun 17, 2026 Apr 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0...Show more Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.Show less
CVE-2020-3261 1Cisco 176300 Series Access Points Firmware Aironet 1542d FirmwareAironet 1542i Firmware+14 more Jun 17, 2026 Apr 15, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vu...Show more A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.Show less
CVE-2020-11003 1Fraction 1Oasis Jun 17, 2026 Apr 14, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use...Show more Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.Show less
CVE-2020-11706 1Provideserver 1Provide Ftp Server Jun 17, 2026 Apr 12, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Servi...Show more An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server.Show less
CVE-2020-11701 1Provideserver 1Provide Ftp Server Jun 17, 2026 Apr 12, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories.
CVE-2019-18376 1Symantec 1Management Center Jun 17, 2026 Apr 10, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tok...Show more A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.Show less
CVE-2020-11553 1Castlerock 1Snmpc Online Jun 17, 2026 Apr 9, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.
CVE-2020-5549 1Plathome 2Easyblocks Ipv6 Enterprise Firmware Easyblocks Ipv6 Firmware Jun 17, 2026 Apr 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vecto...Show more Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.Show less
CVE-2020-11627 1Primekey 1Ejbca Jun 17, 2026 Apr 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI.
CVE-2020-5391 1Auth0 1Wp Auth0 Jun 17, 2026 Apr 1, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.

Previous 1...333334335...468 Next