Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-15569 1Mylittleforum 1My Little Forum Nov 21, 2024 Aug 20, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 my little forum 2.4.12 allows CSRF for deletion of users.
CVE-2018-15568 1Tp5cms Project 1Tp5cms Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.
CVE-2018-15565 1Simple Cms Project 1Simple Cms Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.
CVE-2018-15564 1Simple Cms Project 1Simple Cms Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.
CVE-2018-14057 1Pimcore 1Pimcore Nov 21, 2024 Aug 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
CVE-2018-1712 1Ibm 1Api Connect Nov 21, 2024 Aug 16, 2018 N/A· v4 9.9 CRITICAL· v3 7.5 HIGH· v2 IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls...Show more IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.Show less
CVE-2018-1455 1Ibm 1Tivoli Application Dependency Discovery Manager Nov 21, 2024 Aug 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w...Show more IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.Show less
CVE-2018-13394 1Atlassian 1Questions For Confluence Nov 21, 2024 Aug 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify...Show more The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.Show less
CVE-2018-13393 1Atlassian 1Questions For Confluence Nov 21, 2024 Aug 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers...Show more The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.Show less
CVE-2018-2442 1Sap 2Businessobjects Business Intelligence Internet Graphics Server Nov 21, 2024 Aug 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML pag...Show more In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.Show less
CVE-2018-7097 1Hp 13par Service Provider Jun 17, 2026 Aug 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.
CVE-2018-14783 1Netcommwireless 1Nwl 25 Firmware Nov 21, 2024 Aug 10, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely.
CVE-2018-15187 1Advanced Real Estate Script Project 1Advanced Real Estate Script Nov 21, 2024 Aug 10, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
CVE-2018-15186 1Chartered Accountant \ 1 Auditor Website Project Nov 21, 2024 Aug 10, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php.
CVE-2018-15203 1Ignitedcms 1Ignitedcms Nov 21, 2024 Aug 8, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages.
CVE-2018-15202 1Juunan06 1Ecommerce Nov 21, 2024 Aug 8, 2018 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products.
CVE-2018-15198 1Onethink 1Onethink Nov 21, 2024 Aug 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.
CVE-2018-15197 1Onethink 1Onethink Nov 21, 2024 Aug 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.
CVE-2018-15193 1Gogs 1Gogs Nov 21, 2024 Aug 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
CVE-2018-15177 1Gxlcms 1Gxlcms Nov 21, 2024 Aug 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.

Previous 1...375376377...466 Next