Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-0364 1Cisco 1Unified Communications Domain Manager Nov 21, 2024 Jun 21, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbit...Show more A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320.Show less
CVE-2018-0363 1Cisco 1Unified Communications Manager Im And Presence Service Nov 21, 2024 Jun 21, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery...Show more A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878.Show less
CVE-2018-6563 1Totemo 1Encryption Gateway Jun 17, 2026 Jun 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings,...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.Show less
CVE-2018-12583 1Akcms Project 1Akcms Nov 21, 2024 Jun 19, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.
CVE-2018-12582 1Akcms Project 1Akcms Nov 21, 2024 Jun 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.
CVE-2018-6497 1Microfocus 2Cms Server Universal Cmbd Server Jun 17, 2026 Jun 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018....Show more Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).Show less
CVE-2018-6496 1Microfocus 1Universal Cmbd Browser Jun 17, 2026 Jun 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forger...Show more Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).Show less
CVE-2018-12114 1Maccms 1Maccms Nov 21, 2024 Jun 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
CVE-2018-12354 1Knowage Suite 1Knowage Nov 21, 2024 Jun 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
CVE-2018-11406 2Debian Sensiolabs 2Debian Linux Symfony Nov 21, 2024 Jun 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when t...Show more An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.Show less
CVE-2017-5394 1Mozilla 1Firefox Nov 21, 2024 Jun 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox...Show more A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.Show less
CVE-2014-0594 1Opensuse 1Open Build Service Nov 21, 2024 Jun 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
CVE-2018-8925 1Synology 1Photo Station Jun 17, 2026 Jun 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) usernam...Show more Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.Show less
CVE-2018-1514 1Ibm 1Robotic Process Automation With Automation Anywhere Nov 21, 2024 Jun 7, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit...Show more IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622.Show less
CVE-2017-7906 1Abb 1Ip Gateway Firmware Nov 21, 2024 Jun 6, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.
CVE-2018-1000195 2Jenkins Oracle 2Communications Cloud Native Core Automated Test Suite Jenkins Nov 21, 2024 Jun 5, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request...Show more A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.Show less
CVE-2017-7635 1Qnap 1Nas Proxy Server Nov 21, 2024 Jun 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
CVE-2018-1432 1Ibm 1Infosphere Information Server Nov 21, 2024 Jun 5, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a mal...Show more IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.Show less
CVE-2018-11680 1Cmseasy 1Cmseasy Nov 21, 2024 Jun 2, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid...Show more An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.Show less
CVE-2018-11679 1Cmseasy 1Cmseasy Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.

Previous 1...379380381...466 Next