CWE-352
9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,349)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an at... | | | | | |
| A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary... | 1: Cisco | 1: Industrial Network Director | Jun 17, 2026 | Jun 5, 2019 | N/A · v4, 8.8 HIGH · v3, 6.8 MEDIUM · v2 |
| An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <im... | | | | | |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=... | 1: Hgiga | 8: Msr35 Isherlock Base, Msr35 Isherlock Sysinfo, Msr35 Isherlock User, +5 more | Jun 17, 2026 | Jun 3, 2019 | N/A · v4, 8.8 HIGH · v3, 6.8 MEDIUM · v2 |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&ne... | 1: Hgiga | 8: Msr35 Isherlock Base, Msr35 Isherlock Sysinfo, Msr35 Isherlock User, +5 more | Jun 17, 2026 | Jun 3, 2019 | N/A · v4, 8.8 HIGH · v3, 6.8 MEDIUM · v2 |
| A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. | 1: Jenkins | 1: Warnings Next Generation | Jun 17, 2026 | May 31, 2019 | N/A · v4, 4.3 MEDIUM · v3, 4.3 MEDIUM · v2 |
| A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSub... | | | | | |
| A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified... | | | | | |
| There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. | | | | | |
| A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the devi... | 1: Yealink | 1: Ultra Elegant Ip Phone Sip T41p Firmware | Nov 21, 2024 | May 29, 2019 | N/A · v4, 8.8 HIGH · v3, 6.8 MEDIUM · v2 |
| EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php regis... | | | | | |
| In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. | | | | | |
| Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload it... | | | | | |
| Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | 1: Computrols | 1: Computrols Building Automation Software | Jun 17, 2026 | May 24, 2019 | N/A · v4, 8.8 HIGH · v3, 6.8 MEDIUM · v2 |
| Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. | 1: Westermo | 3: Dr 250 Firmware, Dr 260 Firmware, Mr 260 Firmware | Nov 21, 2024 | May 24, 2019 | N/A · v4, 6.5 MEDIUM · v3, 4.3 MEDIUM · v2 |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into... | 1: Schneider Electric | 59: D6220 Firmware, D6220l Firmware, D6230 Firmware, +56 more | Jun 17, 2026 | May 22, 2019 | N/A · v4, 8.8 HIGH · v3, 6.8 MEDIUM · v2 |
| my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting. | 1: Mylittleforum | 1: My Little Forum | Jun 17, 2026 | May 21, 2019 | N/A · v4, 6.5 MEDIUM · v3, 5.8 MEDIUM · v2 |
| The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | 1: Wpbookingsystem | 1: Wp Booking System | Jun 17, 2026 | May 20, 2019 | N/A · v4, 7.2 HIGH · v3, 6.5 MEDIUM · v2 |
| An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim. | | | | | |
| Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs. | | | | | |