CWE-352
9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,314)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Cisco 1Unified Intelligence Center Jun 17, 2026 Jan 24, 2019 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actio...Show more |
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. |
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF. |
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF. |
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF. |
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. |
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. |
Zenbership v107 has CSRF via admin/cp-functions/event-add.php. |
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI. |
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. |
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file. |
1Jenkins 1Email Extension Template Nov 21, 2024 Jan 9, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. |
1Jenkins 1Config File Provider Nov 21, 2024 Jan 9, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file defi...Show more |
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result. |
TEMMOKU T1.09 Beta allows admin/user/add CSRF. |
1Asthis 1Universal Website Asthis Nov 21, 2024 Dec 30, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. |
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. |
UCMS 1.4.7 has ?do=user_addpost CSRF. |
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user...Show more |
1Orange 1Arv7519rw22 Livebox 2.1 Firmware Nov 21, 2024 Dec 28, 2018 N/A· v4 9.1 CRITICAL· v3 9.4 HIGH· v2 Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44...Show more |