Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-1769 1Ibm 1Business Process Manager Nov 21, 2024 Jan 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 13...Show more IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.Show less
CVE-2018-5976 1Rsvp Invitation Online Project 1Rsvp Invitation Online Jun 17, 2026 Jan 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
CVE-2018-5969 1Photography Cms Project 1Photography Cms Jun 17, 2026 Jan 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
CVE-2018-1000014 1Jenkins 1Translation Assistance Nov 21, 2024 Jan 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users...Show more Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.Show less
CVE-2018-1000013 1Jenkins 1Release Nov 21, 2024 Jan 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
CVE-2018-6009 1Yiiframework 1Yiiframework Jun 17, 2026 Jan 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
CVE-2017-18033 1Atlassian 1Jira Nov 21, 2024 Jan 18, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
CVE-2018-0107 1Cisco 1Prime Service Catalog Nov 21, 2024 Jan 18, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site requ...Show more A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313.Show less
CVE-2018-5329 1Beims 1Contractorweb.net Nov 21, 2024 Jan 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email...Show more ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.Show less
CVE-2018-5673 1Booking Calendar Project 1Booking Calendar Jun 17, 2026 Jan 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
CVE-2018-5669 1Read And Understood Project 1Read And Understood Jun 17, 2026 Jan 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.
CVE-2018-5658 1Responsive Coming Soon Page Project 1Responsive Coming Soon Page Jun 17, 2026 Jan 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.
CVE-2018-5656 1Weblizar 1Pinterest Feeds Jun 17, 2026 Jan 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
CVE-2017-16886 1Fiberhome 1Lm53q1 Firmware Nov 21, 2024 Jan 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change...Show more The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.Show less
CVE-2016-0335 1Ibm 1Security Identity Manager Nov 21, 2024 Jan 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users...Show more Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.Show less
CVE-2017-16862 1Atlassian 1Jira Nov 21, 2024 Jan 12, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
CVE-2018-5368 1Srbtranslatin Project 1Srbtranslatin Nov 21, 2024 Jan 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.
CVE-2018-5361 1Wpglobus 1Wpglobus Nov 21, 2024 Jan 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
CVE-2012-0699 1Haudenschilt 1Family Connections Cms Nov 21, 2024 Jan 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.Show less
CVE-2018-0785 1Microsoft 1Asp.net Core Nov 21, 2024 Jan 10, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".

Previous 1...388389390...466 Next