Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-4231 2Ibm Netapp 2Cognos Analytics Oncommand Insight Jun 17, 2026 Dec 20, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID:...Show more IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.Show less
CVE-2018-1934 1Ibm 1Cognos Business Intelligence Nov 21, 2024 Dec 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force...Show more IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179.Show less
CVE-2019-19915 1Webfactoryltd 1301 Redirects Jun 17, 2026 Dec 19, 2019 N/A· v4 9.0 CRITICAL· v3 6.0 MEDIUM· v2 The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=...Show more The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.Show less
CVE-2019-17633 1Eclipse 1Che Jun 17, 2026 Dec 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually...Show more For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it.Show less
CVE-2019-19833 1Tautulli 1Tautulli Jun 17, 2026 Dec 18, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
CVE-2019-19832 1Xerox 1Altalink C8035 Firmware Jun 17, 2026 Dec 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
CVE-2019-11657 1Microfocus 1Arcsight Logger Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack.
CVE-2019-16575 1Jenkins 1Alauda Kubernetes Support Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through a...Show more A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.Show less
CVE-2019-16573 1Jenkins 1Alauda Devops Pipeline Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through ano...Show more A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2019-16570 1Jenkins 1Rapiddeploy Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.
CVE-2019-16569 1Jenkins 1Mantis Jun 17, 2026 Dec 17, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.
CVE-2019-16565 1Jenkins 1Team Concert Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...Show more A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2019-16560 1Jenkins 1Websphere Deployer Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenk...Show more A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.Show less
CVE-2019-16553 1Jenkins 1Build Failure Analyzer Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
CVE-2019-16551 1Jenkins 1Gerrit Trigger Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
CVE-2019-16550 1Jenkins 1Maven Jun 17, 2026 Dec 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML do...Show more A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.Show less
CVE-2017-18107 1Atlassian 1Crowd Nov 21, 2024 Dec 17, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please...Show more Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.Show less
CVE-2014-0197 1Redhat 2Cloudforms Cloudforms Management Engine Nov 21, 2024 Dec 13, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CFME: CSRF protection vulnerability via permissive check of the referrer header
CVE-2019-13930 1Siemens 1Xhq Jun 17, 2026 Dec 12, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successfu...Show more A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.Show less
CVE-2019-15934 1Intesync 1Solismed Jun 17, 2026 Dec 12, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Intesync Solismed 3.3sp has CSRF.

Previous 1...342343344...468 Next