CWE-352

9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


CVEs (9,349)

Vendor: Auieo
Product: Candidats
Updated: Jun 17, 2026
Published: Feb 22, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.

Vendor: Axous
Product: Axous
Updated: Nov 21, 2024
Published: Feb 20, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php.

Vendor: Cisco
Product: Data Center Network Manager
Updated: Jun 17, 2026
Published: Feb 19, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.

Vendor: Silverstripe
Product: Silverstripe
Updated: Jun 17, 2026
Published: Feb 19, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,

Vendor: Silverstripe
Product: Silverstripe
Updated: Jun 17, 2026
Published: Feb 19, 2020
CVSS: v4 N/A; v3 4.3 MEDIUM; v2 4.3 MEDIUM
Description: SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.

Vendor: Icehrm
Product: Icehrm
Updated: Jun 17, 2026
Published: Feb 18, 2020
CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM
Description: ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.

Vendor: Icehrm
Product: Icehrm
Updated: Jun 17, 2026
Published: Feb 18, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.

Vendor: Soplanning
Product: Soplanning
Updated: Jun 17, 2026
Published: Feb 18, 2020
CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM
Description: SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.

Vendor: Soplanning
Product: Soplanning
Updated: Jun 17, 2026
Published: Feb 18, 2020
CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM
Description: SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.

Vendor: Topmanage
Product: Olk Webstore
Updated: Jun 17, 2026
Published: Feb 18, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts.

Vendor: Mozilla
Product: Persona
Updated: Nov 21, 2024
Published: Feb 18, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type.

Vendor: Realestateconnected
Product: Easy Property Listings
Updated: Jun 17, 2026
Published: Feb 18, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Vendor: Moodle
Product: Moodle
Updated: Jun 17, 2026
Published: Feb 17, 2020
CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.0 MEDIUM
Description: Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.

Vendor: Prestashop
Product: Prestashop
Updated: Nov 21, 2024
Published: Feb 14, 2020
CVSS: v4 N/A; v3 5.5 MEDIUM; v2 3.5 LOW
Description: PrestaShop before 1.4.11 allows logout CSRF.

Vendor: Paloaltonetworks
Product: Expedition Migration Tool
Updated: Jun 17, 2026
Published: Feb 12, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Vendor: Jenkins
Product: Pipeline Github Notify Step
Updated: Jun 17, 2026
Published: Feb 12, 2020
CVSS: v4 N/A; v3 8.8 HIGH; v2 6.8 MEDIUM
Description: A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vendor: Atlassian
Products: Jira, Jira Data Center, Jira Server
Updated: Jun 17, 2026
Published: Feb 12, 2020
CVSS: v4 N/A; v3 4.7 MEDIUM; v2 4.3 MEDIUM
Description: The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

Vendor: Atlassian
Products: Jira Data Center, Jira Server
Updated: Jun 17, 2026
Published: Feb 12, 2020
CVSS: v4 N/A; v3 4.3 MEDIUM; v2 4.3 MEDIUM
Description: The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

Vendor: Atlassian
Products: Jira Data Center, Jira Server
Updated: Jun 17, 2026
Published: Feb 12, 2020
CVSS: v4 N/A; v3 4.3 MEDIUM; v2 4.3 MEDIUM
Description: The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

Vendor: Socialengine
Product: Socialengine
Updated: Nov 21, 2024
Published: Feb 11, 2020
CVSS: v4 N/A; v3 6.3 MEDIUM; v2 6.8 MEDIUM
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4.