Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,352)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-8985 1Zend 1Zendto Jun 17, 2026 Mar 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
CVE-2020-7005 1Honeywell 1Win Pak Jun 17, 2026 Mar 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
CVE-2019-19025 2Linuxfoundation Pivotal 2Harbor Vmware Harbor Registry Jun 17, 2026 Mar 20, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-16068 1Netsas 1Enigma Network Management Solution Jun 17, 2026 Mar 19, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or a...Show more A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.Show less
CVE-2020-10671 1Canon 1Oce Colorwave 500 Firmware Jun 17, 2026 Mar 19, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative...Show more The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.Show less
CVE-2019-12769 1Solarwinds 1Serv U Managed File Transfer Jun 17, 2026 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
CVE-2020-4199 1Ibm 1Tivoli Netcool/omnibus Jun 17, 2026 Mar 18, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 17...Show more IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.Show less
CVE-2018-21037 1Intelliants 1Subrion Nov 21, 2024 Mar 17, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
CVE-2020-9346 1Zohocorp 1Manageengine Password Manager Pro Jun 17, 2026 Mar 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
CVE-2020-6585 1Nagios 1Nagios Jun 17, 2026 Mar 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Nagios Log Server 2.1.3 has CSRF.
CVE-2020-10241 1Joomla 1Joomla Jun 17, 2026 Mar 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
CVE-2020-10568 1Onthegosystems 1Sitepress Multilingual Cms Jun 17, 2026 Mar 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverag...Show more The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.Show less
CVE-2019-13199 1Kyocera 1Ecosys M5526cdw Firmware Jun 17, 2026 Mar 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
CVE-2019-13170 1Xerox 1Phaser 3320 Firmware Jun 17, 2026 Mar 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
CVE-2019-13395 1Netgear 1Cg3700b Firmware Jun 17, 2026 Mar 13, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an e...Show more The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.Show less
CVE-2020-10540 1Untis 1Webuntis Jun 17, 2026 Mar 13, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.
CVE-2019-17653 1Fortinet 1Fortisiem Jun 17, 2026 Mar 12, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by per...Show more A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.Show less
CVE-2020-10504 1Chadhaajay 1Phpkb Jun 17, 2026 Mar 12, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.
CVE-2020-10503 1Chadhaajay 1Phpkb Jun 17, 2026 Mar 12, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
CVE-2020-10502 1Chadhaajay 1Phpkb Jun 17, 2026 Mar 12, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.

Previous 1...334335336...468 Next