CWE-352

9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


CVEs (9,314)

| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| Auracms | Auracms | Nov 21, 2024 | Sep 2, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. |
| Chshcms | Cscms | Nov 21, 2024 | Sep 2, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. |
| Idreamsoft | Icms | Nov 21, 2024 | Sep 2, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
| Damicms | Damicms | Nov 21, 2024 | Sep 2, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. |
| Bijiadao | Waimai Super Cms | Nov 21, 2024 | Sep 1, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. |
| Icmsdev | Icms | Nov 21, 2024 | Sep 1, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. |
| Xovis | Pc2 Firmware, Pc2r Firmware, Pc3 Firmware | Nov 21, 2024 | Aug 30, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. |
| Auth0 | Aspnet, Aspnet Owin | Nov 21, 2024 | Aug 29, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. |
| E107 | E107 | Nov 21, 2024 | Aug 28, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. |
| Ricoh | Mp C4504ex Firmware | Nov 21, 2024 | Aug 28, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. |
| Phpmyfaq | Phpmyfaq | Nov 21, 2024 | Aug 28, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. |
| Flexocms Project | Flexo Cms | Nov 21, 2024 | Aug 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. |
| Redaxo | Redaxo Cms | Nov 21, 2024 | Aug 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. |
| Portfoliocms Project | Portfoliocms | Nov 21, 2024 | Aug 25, 2018 | N/A | 4.3 MEDIUM | 4.3 MEDIUM | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. |
| Portfoliocms Project | Portfoliocms | Nov 21, 2024 | Aug 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. |
| Fledrcms Project | Fledrcms | Nov 21, 2024 | Aug 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. |
| Gleezcms | Gleez Cms | Nov 21, 2024 | Aug 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. |
| Damicms | Damicms | Nov 21, 2024 | Aug 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. |
| Moderator Log Notes Project | Moderator Log Notes | Nov 21, 2024 | Aug 24, 2018 | N/A | 6.5 MEDIUM | 5.8 MEDIUM | An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. |
| Redhat | Ansible Tower | Nov 21, 2024 | Aug 22, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie. |