Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-3959 1Wallaceit 1Wallacepos Jun 17, 2026 Jul 31, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2018-20872 1I Lan 1Draytekl Firmware Nov 21, 2024 Jul 31, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.
CVE-2019-10359 1Jenkins 1M2release Jun 17, 2026 Jul 31, 2019 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.
CVE-2019-14327 1Custom Simple Rss Project 1Custom Simple Rss Jun 17, 2026 Jul 30, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings.
CVE-2016-10766 1Edx 1Edx Platform Nov 21, 2024 Jul 29, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 edx-platform before 2016-06-06 allows CSRF.
CVE-2019-14328 1Simple Membership Plugin 1Simple Membership Jun 17, 2026 Jul 28, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
CVE-2019-14228 1Angry Frog 1Xavier Jun 17, 2026 Jul 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the uns...Show more Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation.Show less
CVE-2019-4212 1Ibm 1Qradar Security Information And Event Manager Jun 17, 2026 Jul 25, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132.
CVE-2019-11712 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Jul 23, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerab...Show more POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.Show less
CVE-2019-14240 1Wcms 1Wcms Jun 17, 2026 Jul 23, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.
CVE-2019-12934 1Wp Code Highlightjs Project 1Wp Code Highlightjs Jun 17, 2026 Jul 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css para...Show more An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.Show less
CVE-2018-17792 1Altn 1Mdaemon Webmail Nov 21, 2024 Jul 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 MDaemon Webmail (formerly WorldClient) has CSRF.
CVE-2019-13974 1Layerbb 1Layerbb Jun 17, 2026 Jul 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
CVE-2019-7953 1Adobe 1Experience Manager Jun 17, 2026 Jul 18, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-13961 1Flatcore 1Flatcore Jun 17, 2026 Jul 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
CVE-2019-1010112 1Phpcoo 1Oecms Jun 17, 2026 Jul 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connec...Show more OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3.Show less
CVE-2019-9231 1Audiocodes 4Mediant 500 Mbsr Firmware Mediant 500l Msbr FirmwareMediant 800c Msbr Firmware+1 more Jun 17, 2026 Jul 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web int...Show more An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented.Show less
CVE-2019-13949 1Syguestbook A5 Project 1Syguestbook A5 Jun 17, 2026 Jul 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change.
CVE-2019-1010096 1Domainmod 1Domainmod Jun 17, 2026 Jul 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vect...Show more DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.Show less
CVE-2019-1010095 1Domainmod 1Domainmod Jun 17, 2026 Jul 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After...Show more DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.Show less

Previous 1...356357358...468 Next