Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10295 1Chemcms Project 1Chemcms Nov 21, 2024 Apr 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.
CVE-2018-10267 1Wtcms Project 1Wtcms Nov 21, 2024 Apr 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
CVE-2018-10266 1Beescms 1Beescms Nov 21, 2024 Apr 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
CVE-2018-10265 1Hongcms Project 1Hongcms Nov 21, 2024 Apr 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
CVE-2018-10249 1Baijiacms Project 1Baijiacms Nov 21, 2024 Apr 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
CVE-2018-10248 1Wuzhicms 1Wuzhicms May 5, 2025 Apr 20, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
CVE-2018-0259 1Cisco 1Mate Collector Nov 21, 2024 Apr 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affe...Show more A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222.Show less
CVE-2018-0255 1Cisco 1Ios Nov 21, 2024 Apr 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affecte...Show more A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405.Show less
CVE-2018-10188 1Phpmyadmin 1Phpmyadmin Nov 21, 2024 Apr 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
CVE-2018-10224 1Yzmcms 1Yzmcms Nov 21, 2024 Apr 19, 2018 N/A· v4 6.8 MEDIUM· v3 6.0 MEDIUM· v2 An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
CVE-2018-10223 1Yzmcms 1Yzmcms Nov 21, 2024 Apr 19, 2018 N/A· v4 6.8 MEDIUM· v3 6.0 MEDIUM· v2 An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
CVE-2018-10222 1Icmsdev 1Icms Nov 21, 2024 Apr 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
CVE-2018-10185 1Tuzicms 1Tuzicms Nov 21, 2024 Apr 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.
CVE-2018-10137 1Iscripts 1Uberforx Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.
CVE-2018-10132 1Pbootcms 1Pbootcms Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
CVE-2018-10127 1Xyhcms Project 1Xyhcms Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.
CVE-2018-10117 1Icmsdev 1Icms Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
CVE-2017-0362 2Debian Mediawiki 2Debian Linux Mediawiki Nov 21, 2024 Apr 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
CVE-2018-6934 1Ordermanagementscript 1Online Tutoring Script Jun 17, 2026 Apr 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3.
CVE-2015-0151 1Dlink 1Dir 815 Firmware Nov 21, 2024 Apr 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Previous 1...382383384...466 Next