CWE-352
9,334 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,334)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | | | | | | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified ser... |
| | | | | | | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-sp... |
| | Jenkins | Zephyr Enterprise Test Management | Jun 17, 2026 | Apr 4, 2019 | N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2) | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specifi... |
| | | | | | | A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| | Jenkins | Openshift Deployer | Jun 17, 2026 | Apr 4, 2019 | N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2) | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an att... |
| | Jenkins | Vmware Lab Manager Slaves | Jun 17, 2026 | Apr 4, 2019 | N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2) | A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-spe... |
| | Jenkins | Audit To Database | Jun 17, 2026 | Apr 4, 2019 | N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2) | A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-sp... |
| | | | | | | A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. |
| | | | | | | A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary... |
| | Ibm | Security Privileged Identity Manager | Nov 21, 2024 | Apr 2, 2019 | N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2) | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the we... |
| | Redhat | Openshift Container Platform | Jun 17, 2026 | Apr 1, 2019 | N/A (v4), 6.3 MEDIUM (v3), 4.3 MEDIUM (v2) | A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a sepa... |
| | | | | | | OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. |
| | Grandstream | Gac2500 Firmware, Gvc3202 Firmware, Gxp2200 Firmware, +2 more | Jun 17, 2026 | Mar 30, 2019 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manage... |
| | | | | | | An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. |
| | Online Lottery Php Readymade Script Project | Online Lottery Php Readymade Script | Jun 17, 2026 | Mar 29, 2019 | N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2) | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. |
| | F5 | Big Ip Application Security Manager | Jun 17, 2026 | Mar 28, 2019 | N/A (v4), 6.8 MEDIUM (v3), 6.0 MEDIUM (v2) | On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst... |
| | Jenkins | Fortify On Demand Uploader | Jun 17, 2026 | Mar 28, 2019 | N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2) | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. |
| | | | | | | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another... |
| | | | | | | S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. |
| | | | | | | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. Th... |