Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-0402 1Cisco 2Unified Contact Center Express Unified Ip Interactive Voice Response Nov 21, 2024 Jul 18, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack....Show more Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.Show less
CVE-2018-14331 1Xiaocms 1Xiaocms X1 Nov 21, 2024 Jul 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.
CVE-2018-14069 1Srcms Project 1Srcms Nov 21, 2024 Jul 15, 2018 N/A· v4 8.8 HIGH· v3 6.0 MEDIUM· v2 An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
CVE-2018-14068 1Srcms Project 1Srcms Nov 21, 2024 Jul 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
CVE-2016-6578 1Filecloud 1Filecloud Nov 21, 2024 Jul 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim ha...Show more CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.Show less
CVE-2016-6557 1Asus 7Ea N66 Firmware Rp Ac52 FirmwareRp Ac56 Firmware+4 more Nov 21, 2024 Jul 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An atta...Show more In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.Show less
CVE-2018-1000206 1Jfrog 1Artifactory Nov 21, 2024 Jul 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This a...Show more JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.Show less
CVE-2018-14029 1Creatiwity 1Witycms Nov 21, 2024 Jul 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
CVE-2018-14014 1Super Cms Project 1Super Cms Nov 21, 2024 Jul 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
CVE-2018-12540 1Eclipse 1Vert.x Nov 21, 2024 Jul 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not...Show more In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.Show less
CVE-2018-10895 1Qutebrowser 1Qutebrowser Nov 21, 2024 Jul 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then s...Show more qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.Show less
CVE-2018-10232 1Topdesk 1Topdesk Nov 21, 2024 Jul 11, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain s...Show more Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors.Show less
CVE-2018-13989 1Arcelikas 1Grundig Smart Inter@ctive Firmware Nov 21, 2024 Jul 11, 2018 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the d...Show more Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.Show less
CVE-2018-13793 1Abbyy 1Flexicapture Nov 21, 2024 Jul 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...Show more Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.Show less
CVE-2018-13445 1Seacms 1Seacms Nov 21, 2024 Jul 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add.
CVE-2018-13444 1Seacms 1Seacms Nov 21, 2024 Jul 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2.
CVE-2018-11349 1Jirafeau 1Jirafeau Nov 21, 2024 Jul 7, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.
CVE-2018-13407 1Jirafeau 1Jirafeau Nov 21, 2024 Jul 6, 2018 N/A· v4 4.9 MEDIUM· v3 5.5 MEDIUM· v2 A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused.
CVE-2018-13340 1Gleeztech 1Gleez Cms Nov 21, 2024 Jul 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.
CVE-2018-13031 1Damicms 1Damicms Nov 21, 2024 Jul 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.

Previous 1...377378379...466 Next