Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6320 1Hp 8Deskjet 3630 F5s43a Firmware Deskjet 3630 F5s57a FirmwareDeskjet 3630 K4t93a Firmware+5 more Jun 17, 2026 Jan 9, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability t...Show more Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.Show less
CVE-2011-5250 1Prophecyinternational 1Snare Nov 21, 2024 Jan 8, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Snare for Linux before 1.7.0 has CSRF in the web interface.
CVE-2019-20077 1Typesettercms 1Typesetter Jun 17, 2026 Jan 5, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability.
CVE-2014-5516 1Konakart 1Konakart Nov 21, 2024 Jan 3, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a u...Show more Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request.Show less
CVE-2014-3590 1Redhat 1Satellite Nov 21, 2024 Jan 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVE-2013-3935 1Opsview 2Opsview Opsview Core Nov 21, 2024 Jan 2, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator p...Show more Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.Show less
CVE-2015-5595 1Zenphoto 1Zenphoto Nov 21, 2024 Dec 31, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumpt...Show more Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).Show less
CVE-2019-12273 1Outsystems 1Outsystems Jun 17, 2026 Dec 31, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a .outsystemsenterprise.com domain...Show more OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a .outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability existsShow less
CVE-2013-0196 1Redhat 1Openshift Nov 21, 2024 Dec 30, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Au...Show more A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.Show less
CVE-2019-19737 1Mfscripts 1Yetishare Jun 17, 2026 Dec 30, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.
CVE-2019-20071 1Netis Systems 1Dl4343 Firmware Jun 17, 2026 Dec 30, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
CVE-2014-3136 1Dlink 1Dwr 113 Firmware Nov 21, 2024 Dec 27, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password...Show more Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.Show less
CVE-2013-4665 1Spbas 1Business Automation Software Nov 21, 2024 Dec 27, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 SPBAS Business Automation Software 2012 has CSRF.
CVE-2019-19995 1Intelbras 1Iwr 3000n Firmware Jun 17, 2026 Dec 26, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
CVE-2019-16326 1Dlink 1Dir 601 Firmware Jun 17, 2026 Dec 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE...Show more D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.Show less
CVE-2019-6030 1Custom Body Class Project 1Custom Body Class Jun 17, 2026 Dec 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-6027 1Wpspellcheck 1Wpspellcheck Jun 17, 2026 Dec 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-19981 1Icegram 1Email Subscribers & Newsletters Jun 17, 2026 Dec 26, 2019 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
CVE-2019-19979 1Wp Maintenance Project 1Wp Maintenance Jun 17, 2026 Dec 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.
CVE-2019-4736 1Ibm 1Financial Transaction Manager For Multiplatform Jun 17, 2026 Dec 20, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force I...Show more IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706.Show less

Previous 1...341342343...468 Next