Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-18651 13xlogic 1Infinias Access Control Firmware Jun 17, 2026 Nov 14, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a...Show more A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.Show less
CVE-2013-3366 1Trendnet 1Tew 812dru Firmware Nov 21, 2024 Nov 13, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
CVE-2019-18884 1Fairsketch 1Rise Ultimate Project Manager Jun 17, 2026 Nov 13, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.
CVE-2013-3516 1Netgear 2Wnr3500l Firmware Wnr3500u Firmware Nov 21, 2024 Nov 13, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
CVE-2012-4385 2Debian Trilexnet 2Debian Linux Letodms Nov 21, 2024 Nov 13, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 letodms 3.3.6 has CSRF via change password
CVE-2014-3655 1Redhat 2Jboss Enterprise Web Server Keycloak Nov 21, 2024 Nov 13, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVE-2010-3305 1Pixelpost 1Pixelpost Nov 21, 2024 Nov 12, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
CVE-2019-17237 1Getigniteup 1Igniteup Jun 17, 2026 Nov 12, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
CVE-2019-18411 1Zohocorp 1Manageengine Adselfservice Plus Jun 17, 2026 Nov 6, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and...Show more Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.Show less
CVE-2019-18650 1Joomla 1Joomla Jun 17, 2026 Nov 6, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVE-2019-8155 1Magento 1Magento Jun 17, 2026 Nov 6, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
CVE-2019-8109 1Magento 1Magento Jun 17, 2026 Nov 5, 2019 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution...Show more A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.Show less
CVE-2013-6275 2Debian Horde 2Debian Linux Groupware Nov 21, 2024 Nov 5, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
CVE-2013-6365 3Debian HordeOpensuse 3Debian Linux GroupwareOpensuse Nov 21, 2024 Nov 5, 2019 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
CVE-2013-6364 2Debian Horde 2Debian Linux Groupware Nov 21, 2024 Nov 5, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
CVE-2019-13497 1Oneidentity 1Cloud Access Manager Jun 17, 2026 Nov 4, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests.
CVE-2019-18206 1Zucchetti 1Infobusiness Jun 17, 2026 Oct 30, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.
CVE-2019-9926 1Labkey 1Labkey Server Jun 17, 2026 Oct 29, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.
CVE-2010-4241 1Tiki 1Tikiwiki Cms/groupware Nov 21, 2024 Oct 28, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Tiki Wiki CMS Groupware 5.2 has CSRF
CVE-2013-4848 1Tp Link 1Tl Wdr4300 Firmware Nov 21, 2024 Oct 25, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.

Previous 1...344345346...468 Next