Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-7700 1Dedecms 1Dedecms Jun 17, 2026 Mar 27, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
CVE-2018-8764 2Debian Ldap Account Manager 2Debian Linux Ldap Account Manager Jun 17, 2026 Mar 27, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging lo...Show more Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.Show less
CVE-2018-8718 1Jenkins 1Mailer Jun 17, 2026 Mar 27, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sen...Show more Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.Show less
CVE-2018-1213 1Dell 1Emc Isilon Onefs Nov 21, 2024 Mar 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A maliciou...Show more Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.Show less
CVE-2018-8979 1Open Audit 1Open Audit Jun 17, 2026 Mar 25, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
CVE-2018-8817 1Wampserver 1Wampserver Jun 17, 2026 Mar 25, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Wampserver before 3.1.3 has CSRF in add_vhost.php.
CVE-2018-8972 1Creditwestbank 1Cwcms Jun 17, 2026 Mar 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell tha...Show more Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.Show less
CVE-2018-1000137 1Scilico 1I, Librarian Dec 5, 2025 Mar 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge.
CVE-2018-7524 1Geutebrueck 2G Cam/efd 2250 Firmware Topfd 2125 Firmware Jun 17, 2026 Mar 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the syste...Show more A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.Show less
CVE-2017-0933 1Ubnt 1Edgeos Nov 21, 2024 Mar 22, 2018 N/A· v4 8.0 HIGH· v3 8.5 HIGH· v2 Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the att...Show more Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.Show less
CVE-2018-1230 1Pivotal Software 1Spring Batch Admin Nov 21, 2024 Mar 21, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has no...Show more Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.Show less
CVE-2014-1457 1Openwebanalytics 1Open Web Analytics Nov 21, 2024 Mar 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
CVE-2018-8811 1Alkacon 1Opencms Jun 17, 2026 Mar 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform pr...Show more Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users to upload different kind of content artifacts (SVG, .doc, .docx). The uploaded content is stored in the CMS content repository "as is". In case of scripts inside an SVG, this may or may not be "malicious", there is no way of knowing if the uploaded SVG contains the script for a reason. To exploit the "issue", a user must have an account in the CMS as a content managerShow less
CVE-2014-2675 1Wp Html Sitemap Project 1Wp Html Sitemap Nov 21, 2024 Mar 19, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sit...Show more Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php.Show less
CVE-2014-2550 1Disable Comments 1Disable Comments Project Nov 21, 2024 Mar 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a req...Show more Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.Show less
CVE-2014-2274 1Subscribe To Comments Reloaded Project 1Subscribe To Comments Reloaded Nov 21, 2024 Mar 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cr...Show more Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.Show less
CVE-2014-4613 1Piwigo 1Piwigo Nov 21, 2024 Mar 16, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add ac...Show more Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.Show less
CVE-2018-6224 1Trendmicro 1Email Encryption Gateway Jun 17, 2026 Mar 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.
CVE-2018-8717 1Joyplus Cms Project 1Joyplus Cms Jun 17, 2026 Mar 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request.
CVE-2018-7701 1Securenvoy 1Securmail Jun 17, 2026 Mar 15, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.Show less

Previous 1...384385386...466 Next