Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-18422 1Usualtool 1Usualtoolcms Nov 21, 2024 Oct 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.
CVE-2018-15539 1Agentejo 1Cockpit Nov 21, 2024 Oct 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
CVE-2018-18317 1Dscms Project 1Dscms Nov 21, 2024 Oct 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.
CVE-2018-18316 1Emlog 1Emlog Nov 21, 2024 Oct 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.
CVE-2018-18215 1Youke365 1Youke 365 Nov 21, 2024 Oct 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account.
CVE-2018-12456 1Intelbras 1Nplug Firmware Nov 21, 2024 Oct 10, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access contro...Show more Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.Show less
CVE-2018-13800 1Siemens 1Simatic S7 1200 V4 Firmware Nov 21, 2024 Oct 10, 2018 N/A· v4 7.3 HIGH· v3 4.9 MEDIUM· v2 A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into access...Show more A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.Show less
CVE-2018-18201 1Qibosoft 1Qibosoft Nov 21, 2024 Oct 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.
CVE-2018-17858 1Joomla 1Joomla Nov 21, 2024 Oct 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
CVE-2018-18191 1Finecms 1Finecms Nov 21, 2024 Oct 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password.
CVE-2018-2474 1Sap 1Fiori Nov 21, 2024 Oct 9, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF...Show more SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.Show less
CVE-2018-15401 1Cisco 1Hosted Collaboration Mediation Fulfillment Nov 21, 2024 Oct 5, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform...Show more A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user.Show less
CVE-2018-0451 1Cisco 1Tetration Analytics Nov 21, 2024 Oct 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an a...Show more A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.Show less
CVE-2018-0446 1Cisco 1Network Level Service Nov 21, 2024 Oct 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actio...Show more A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.Show less
CVE-2018-0445 1Cisco 1Packaged Contact Center Enterprise Nov 21, 2024 Oct 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected devi...Show more A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.Show less
CVE-2018-0444 1Cisco 1Packaged Contact Center Enterprise Nov 21, 2024 Oct 5, 2018 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulner...Show more A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.Show less
CVE-2018-0439 1Cisco 1Meeting Server Nov 21, 2024 Oct 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affe...Show more A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.Show less
CVE-2018-17986 1Razorcms 1Razorcms Nov 21, 2024 Oct 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
CVE-2018-5921 1Hp 194A2w75a Firmware A2w76a FirmwareA2w77a Firmware+191 more Jun 17, 2026 Oct 3, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be...Show more A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.Show less
CVE-2018-17869 1Dasan 1H660gw Firmware Nov 21, 2024 Oct 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DASAN H660GW devices do not implement any CSRF protection mechanism.

Previous 1...371372373...466 Next