CWE-352

9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


CVEs (9,314)

| Vendor | Product(s) | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| Beescms | Beescms | Nov 21, 2024 | Jul 5, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. |
| Rails Admin Project | Rails Admin | Nov 21, 2024 | Jul 5, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. |
| Dialogic | Powermedia Xms | Nov 21, 2024 | Jul 3, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. |
| Opencart | Opencart | Nov 21, 2024 | Jul 2, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. |
| Tp Link | Tl Wr841n Firmware | Nov 21, 2024 | Jul 2, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. |
| Intex | N150 Firmware | Nov 21, 2024 | Jul 2, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities, including changing user passwords and router settings. |
| Opendesa | Opensid | Nov 21, 2024 | Jul 1, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. |
| Ecessa | Shieldlink Sl175ehq Firmware | Nov 21, 2024 | Jul 1, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. |
| Wstmall | Wstmall | Nov 21, 2024 | Jun 29, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. |
| Easycms | Easycms | Nov 21, 2024 | Jun 29, 2018 | N/A | 6.5 MEDIUM | 5.8 MEDIUM | EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. |
| Siemens | Scalance M875 Firmware | Nov 21, 2024 | Jun 26, 2018 | N/A | 4.8 MEDIUM | 3.5 LOW | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as an administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. |
| Siemens | Scalance M875 Firmware | Nov 21, 2024 | Jun 26, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface as an administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as an administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. |
| Limesurvey | Limesurvey | Nov 21, 2024 | Jun 26, 2018 | N/A | 4.3 MEDIUM | 4.3 MEDIUM | LimeSurvey version 3.0.0-beta.3+17110 contains a Cross-Site Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF against admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x. |
| Jjj | Wp User Groups | Nov 21, 2024 | Jun 26, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | WP User Groups version 2.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page that can allow anybody to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1. |
| Mediaron | Metronet Tag Manager | Nov 21, 2024 | Jun 26, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | Metronet Tag Manager version 1.2.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can allow anybody to do almost anything an admin can. This attack appears to be exploitable when a logged-in user follows a link. This vulnerability appears to have been fixed in 1.2.9. |
| Tooltipy | Tooltipy | Nov 21, 2024 | Jun 26, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | Tooltipy (tooltips for WP) version 5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page that could allow anybody to duplicate posts. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been fixed in 5.1. |
| Lfdycms | Lfcms | Nov 21, 2024 | Jun 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. |
| Lfdycms | Lfcms | Nov 21, 2024 | Jun 25, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. |
| Slims Akasia Project | Slims Akasia | Nov 21, 2024 | Jun 22, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. |
| Cisco | Amp 7150 Firmware, Amp 8150 Firmware, Firepower Appliance 7010 Firmware, +29 more (32 products) | Nov 26, 2024 | Jun 21, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750. |