Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-2613 1Jenkins 1Jenkins Nov 21, 2024 May 15, 2018 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to c...Show more jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).Show less
CVE-2018-11127 1E107 1E107 Nov 21, 2024 May 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 e107 2.1.7 has CSRF resulting in arbitrary user deletion.
CVE-2018-11126 1Doorgets 1Doorgets Nov 21, 2024 May 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
CVE-2017-12126 1Moxa 1Edr 810 Firmware Nov 21, 2024 May 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can cr...Show more An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.Show less
CVE-2018-11018 1Pbootcms 1Pbootcms Nov 21, 2024 May 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add....Show more An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.Show less
CVE-2018-11004 1Sdcms 1Sdcms Nov 21, 2024 May 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.
CVE-2018-11003 1Yxcms 1Yxcms Nov 21, 2024 May 12, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admi...Show more An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.Show less
CVE-2018-6458 1Ehcp 1Easy Hosting Control Panel Jun 17, 2026 May 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
CVE-2018-6023 1Fastweb 1Fastgate Firmware Jun 17, 2026 May 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
CVE-2018-10803 1Zohocorp 1Manageengine Netflow Analyzer Nov 21, 2024 May 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via...Show more Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.Show less
CVE-2018-10957 1Dlink 1Dir 868l Firmware Nov 21, 2024 May 10, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
CVE-2018-10806 1Frogcms Project 1Frogcms Nov 21, 2024 May 8, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with...Show more An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.Show less
CVE-2018-10758 1Datenstrom 1Yellow Nov 21, 2024 May 5, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
CVE-2018-10166 1Tp Link 1Eap Controller Nov 21, 2024 May 3, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated reque...Show more The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows.Show less
CVE-2013-0185 1Redhat 1Manageiq Enterprise Virtualization Manager Nov 21, 2024 May 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vect...Show more Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.Show less
CVE-2018-10554 1Nagios 1Nagios Xi Nov 21, 2024 Apr 30, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/compone...Show more An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter.Show less
CVE-2018-10503 1Baijiacms Project 1Baijiacms Nov 21, 2024 Apr 27, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=delet...Show more An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.Show less
CVE-2018-1479 1Ibm 1Bigfix Platform Nov 21, 2024 Apr 27, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140...Show more IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.Show less
CVE-2018-10312 1Wuzhicms 1Wuzhicms May 5, 2025 Apr 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
CVE-2018-10233 1Ultimatemember 1User Profile & Membership Nov 21, 2024 Apr 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.

Previous 1...381382383...466 Next