Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-19332 1S Cms 1S Cms Nov 21, 2024 Nov 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
CVE-2018-19327 1Jtbc 1Jtbc Php Nov 21, 2024 Nov 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVE-2018-19319 1Srcms Project 1Srcms Nov 21, 2024 Nov 16, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges.
CVE-2018-19318 1Srcms Project 1Srcms Nov 21, 2024 Nov 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.
CVE-2018-18799 1School Attendance Monitoring System Project 1School Attendance Monitoring System Nov 21, 2024 Nov 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
CVE-2018-18797 1School Attendance Monitoring System Project 1School Attendance Monitoring System Nov 21, 2024 Nov 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
CVE-2018-18794 1School Event Management System Project 1School Event Management System Nov 21, 2024 Nov 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
CVE-2018-18760 1Saltos 1Rhinos Jun 5, 2025 Nov 16, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 RhinOS 3.0 build 1190 allows CSRF.
CVE-2018-19291 1Dilicms 1Dilicms Nov 21, 2024 Nov 15, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
CVE-2018-12416 1Tibco 1Datasynapse Gridserver Manager Nov 21, 2024 Nov 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery...Show more The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.Show less
CVE-2018-19225 1Laobancms 1Laobancms Nov 21, 2024 Nov 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
CVE-2018-19192 1Xiaocms 1Xiaocms Nov 21, 2024 Nov 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter.
CVE-2018-19135 1Clippercms 1Clippercms Nov 21, 2024 Nov 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vu...Show more ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.Show less
CVE-2017-17550 1Zyxel 1Zywall Usg 100 Firmware Nov 21, 2024 Nov 10, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored X...Show more ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.Show less
CVE-2018-19138 1Wstmart 1Wstmart Nov 21, 2024 Nov 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
CVE-2018-15445 1Cisco 1Energy Management Suite Software Nov 21, 2024 Nov 8, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary ac...Show more A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.Show less
CVE-2018-19104 1Bagesoft 1Bagecms Nov 21, 2024 Nov 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
CVE-2018-12415 1Tibco 1Enterprise Message Service Nov 21, 2024 Nov 6, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Editio...Show more The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.Show less
CVE-2018-12414 1Tibco 5Rendezvous Rendezvous For Z/linuxRendezvous For Z/os+2 more Nov 21, 2024 Nov 6, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO...Show more The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.Show less
CVE-2018-12413 1Tibco 1Messaging Apache Kafka Distribution Schema Repository Nov 21, 2024 Nov 6, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema R...Show more The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.Show less

Previous 1...369370371...466 Next