Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-0295 1Ibm 1Bigfix Platform Nov 21, 2024 Feb 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence...Show more Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.Show less
CVE-2018-0520 1Fsi 1Fs010w Firmware Nov 21, 2024 Feb 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.
CVE-2018-0148 1Cisco 1Ucs Director Nov 21, 2024 Feb 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross...Show more A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.Show less
CVE-2018-0146 1Cisco 1Data Center Analytics Framework Nov 21, 2024 Feb 22, 2018 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is d...Show more A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could exploit this vulnerability by persuading a user of the affected application to click a malicious link. A successful exploit could allow the attacker to submit arbitrary requests and take unauthorized actions on behalf of the user. Cisco Bug IDs: CSCvg45114.Show less
CVE-2018-7308 1Hosting Project 1Hosting Jun 17, 2026 Feb 21, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.
CVE-2018-7305 1Mybb 1Mybb Jun 17, 2026 Feb 21, 2018 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
CVE-2016-0348 1Ibm 1Tririga Application Platform Nov 21, 2024 Feb 21, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence...Show more Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813.Show less
CVE-2017-12415 1Oxid Esales 1Eshop Nov 21, 2024 Feb 20, 2018 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3....Show more OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order.Show less
CVE-2018-6941 1Nat32 1Nat32 Jun 17, 2026 Feb 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
CVE-2018-6940 1Nat32 1Nat32 Jun 17, 2026 Feb 20, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
CVE-2018-7219 15none 1Nonecms Jun 17, 2026 Feb 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.
CVE-2017-16756 1Userscape 1Helpspot Nov 21, 2024 Feb 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the passwor...Show more An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.Show less
CVE-2018-7216 1Tejari 1Bravo Solution Jun 17, 2026 Feb 18, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that...Show more Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.Show less
CVE-2018-7176 1Frontaccounting 1Frontaccounting Jun 17, 2026 Feb 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
CVE-2017-5796 1Hp 5J9623a Firmware J9624a FirmwareJ9625a Firmware+2 more Nov 21, 2024 Feb 15, 2018 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.
CVE-2017-5781 1Hp 1Matrix Operating Environment Nov 21, 2024 Feb 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.
CVE-2016-8513 1Hp 1Version Control Repository Manager Nov 21, 2024 Feb 15, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.
CVE-2017-9963 1Schneider Electric 1Powerscada Anywhere Nov 21, 2024 Feb 12, 2018 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere...Show more A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.Show less
CVE-2018-6888 1Typesettercms 1Typesetter Jun 17, 2026 Feb 12, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingl...Show more An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token.Show less
CVE-2018-1000053 1Limesurvey 1Limesurvey Nov 21, 2024 Feb 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website...Show more LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be used to send a GET request to the affected endpoint.Show less

Previous 1...386387388...466 Next