CWE-352

9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

Each row lists: Vendors | Products | Updated | Published | CVSS (v4 / v3 / v2), followed by the CVE description.

Vendors (1): Chshcms | Products (1): Cscms | Updated: Nov 21, 2024 | Published: Sep 8, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

Vendors (1): Asus | Products (1): Wl 330nul Firmware | Updated: Nov 21, 2024 | Published: Sep 7, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Vendors (1): Phpmyfaq | Products (1): Phpmyfaq | Updated: Nov 21, 2024 | Published: Sep 7, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    phpMyFAQ before 2.9.11 allows CSRF.

Vendors (1): Koha | Products (1): Koha | Updated: Nov 21, 2024 | Published: Sep 6, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11.

Vendors (1): Micropyramid | Products (1): Django Crm | Updated: Nov 21, 2024 | Published: Sep 5, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.

Vendors (1): Btiteam | Products (1): Xbtit | Updated: Nov 21, 2024 | Published: Sep 5, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.

Vendors (1): Btiteam | Products (1): Xbtit | Updated: Nov 21, 2024 | Published: Sep 5, 2018 | CVSS: v4 N/A, v3 6.1 MEDIUM, v2 4.3 MEDIUM
    The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.

Vendors (1): Vivotek | Products (1): Camera | Updated: Nov 21, 2024 | Published: Sep 5, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.

Vendors (1): Baigo | Products (1): Baigo Cms | Updated: Nov 21, 2024 | Published: Sep 4, 2018 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 4.3 MEDIUM
    An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article.

Vendors (1): Onethink | Products (1): Onethink | Updated: Nov 21, 2024 | Published: Sep 4, 2018 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 4.3 MEDIUM
    OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.

Vendors (1): Chshcms | Products (1): Cscms | Updated: Nov 21, 2024 | Published: Sep 4, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

Vendors (1): Frogcms Project | Products (1): Frogcms | Updated: Nov 21, 2024 | Published: Sep 4, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.

Vendors (1): Yfcmf | Products (1): Yfcmf | Updated: Nov 21, 2024 | Published: Sep 4, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.

Vendors (1): Thedaylightstudio | Products (1): Fuel Cms | Updated: Nov 21, 2024 | Published: Sep 3, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.

Vendors (1): Elefantcms | Products (1): Elefantcms | Updated: Nov 21, 2024 | Published: Sep 3, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.

Vendors (1): Digimute | Products (1): Ogma Cms | Updated: Nov 21, 2024 | Published: Sep 3, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.

Vendors (1): Idreamsoft | Products (1): Icms | Updated: Nov 21, 2024 | Published: Sep 2, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.

Vendors (1): Idreamsoft | Products (1): Icms | Updated: Nov 21, 2024 | Published: Sep 2, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.

Vendors (1): Easycms | Products (1): Easycms | Updated: Nov 21, 2024 | Published: Sep 2, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.

Vendors (1): Phome | Products (1): Empirecms | Updated: Nov 21, 2024 | Published: Sep 2, 2018 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
    An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.