CWE-352

9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Adobe
Products (1): Experience Manager
Updated: Jun 17, 2026
Published: Oct 25, 2019
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
Vendors (1): Sourcecodester
Products (1): Restaurant Management System
Updated: Jun 17, 2026
Published: Oct 24, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.
Vendors (1): Horde
Products (1): Groupware
Updated: Jun 17, 2026
Published: Oct 24, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Vendors (1): Darktrace
Products (1): Enterprise Immune System
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.
Vendors (1): Darktrace
Products (1): Enterprise Immune System
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.
Vendors (1): Online Grading System Project
Products (1): Online Grading System
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/controller.php?action=add URI.
Vendors (1): Sitemagic
Products (1): Sitemagic
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.
Vendors (1): Jenkins
Products (1): Libvirt Slaves
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Vendors (1): Jenkins
Products (1): Kubernetes Ci
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Vendors (1): Jenkins
Products (1): Deploy Weblogic
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.
Vendors (1): Jenkins
Products (1): Dynatrace Application Monitoring
Updated: Jun 17, 2026
Published: Oct 23, 2019
CVSS: N/A (v4), 8.1 HIGH (v3), 6.8 MEDIUM (v2)
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
Vendors (1): Wpserveur
Products (1): Wps Hide Login
Updated: Nov 21, 2024
Published: Oct 22, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Vendors (1): Ad Inserter Project
Products (1): Ad Inserter
Updated: Nov 21, 2024
Published: Oct 22, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
Vendors (1): Openwrt
Products (1): Openwrt
Updated: Jun 17, 2026
Published: Oct 18, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Vendors (1): Wikidsystems
Products (1): 2fa Enterprise Server
Updated: Jun 17, 2026
Published: Oct 17, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices.
Vendors (1): Metinfo
Products (1): Metinfo
Updated: Jun 17, 2026
Published: Oct 17, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.
Vendors (2): Debian, Wordpress
Products (2): Debian Linux, Wordpress
Updated: Jun 17, 2026
Published: Oct 17, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Vendors (1): Cisco
Products (108): Sf200 24 Firmware, Sf200 24fp Firmware, Sf200 24p Firmware, +105 more
Updated: Jun 17, 2026
Published: Oct 16, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.
Vendors (1): Jenkins
Products (1): Oracle Cloud Infrastructure Compute Classic
Updated: Jun 17, 2026
Published: Oct 16, 2019
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
Vendors (1): Jenkins
Products (1): Rundeck
Updated: Jun 17, 2026
Published: Oct 16, 2019
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.