Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14680 1Mijnpress 1Admin Renamer Extended Jun 17, 2026 Aug 8, 2019 N/A· v4 5.7 MEDIUM· v3 3.5 LOW· v2 The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.
CVE-2019-14679 1Reputeinfosystems 1Arprice Lite Jun 17, 2026 Aug 8, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.
CVE-2019-1958 1Cisco 1Hyperflex Hx Data Platform Jun 17, 2026 Aug 8, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerabi...Show more A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.Show less
CVE-2019-10388 1Jenkins 1Relution Enterprise Appstore Publisher Jun 17, 2026 Aug 7, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
CVE-2019-10386 1Jenkins 1Xl Testview Jun 17, 2026 Aug 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL usi...Show more A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2019-10368 1Jenkins 1Jclouds Jun 17, 2026 Aug 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read a...Show more A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2016-10861 1Neetcables 1Airstream Nas Firmware Nov 21, 2024 Aug 7, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
CVE-2019-14703 1Microdigital 3Mdc N2190v Firmware Mdc N4090 FirmwareMdc N4090w Firmware Jun 17, 2026 Aug 6, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account.
CVE-2019-14346 1Schben 1Adive Jun 17, 2026 Aug 6, 2019 N/A· v4 8.8 HIGH· v3 4.3 MEDIUM· v2 Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
CVE-2019-14551 1Daskeyboard 1Das Q Software Jun 17, 2026 Aug 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of c...Show more Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.Show less
CVE-2019-7947 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to...Show more A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.Show less
CVE-2019-7874 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
CVE-2019-7873 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 4.3 MEDIUM· v3 5.8 MEDIUM· v2 A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.
CVE-2019-7865 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or...Show more A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.Show less
CVE-2019-7857 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust a...Show more A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.Show less
CVE-2019-7851 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.
CVE-2019-10176 1Redhat 1Openshift Container Platform Jun 17, 2026 Aug 2, 2019 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability...Show more A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack.Show less
CVE-2013-7473 1Windu 1Windu Cms Nov 21, 2024 Aug 1, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.
CVE-2018-10899 2Jolokia Redhat 2Jolokia Openstack Nov 21, 2024 Aug 1, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer header...Show more A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.Show less
CVE-2019-10186 1Moodle 1Moodle Jun 17, 2026 Jul 31, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

Previous 1...355356357...468 Next