CWE-352

9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

Each entry lists: Vendors | Products | Updated | Published | CVSS (v4 / v3 / v2) | Description

Vendors: Magento
Products: Magento
Updated: Nov 21, 2024 | Published: Jan 8, 2018
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 5.8 MEDIUM
Description: Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.

Vendors: Wpscoop
Products: Imageinject
Updated: Nov 21, 2024 | Published: Jan 8, 2018
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.

Vendors: Ibm
Products: Security Key Lifecycle Manager
Updated: Nov 21, 2024 | Published: Jan 4, 2018
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.

Vendors: Advanced Real Estate Script Project
Products: Advanced Real Estate Script
Updated: Nov 21, 2024 | Published: Jan 3, 2018
CVSS: v4 N/A | v3 6.8 MEDIUM | v2 6.0 MEDIUM
Description: Online Ticket Booking has CSRF via admin/movieedit.php.

Vendors: Netgate, Opnsense Project
Products: Opnsense, Pfsense
Updated: Nov 21, 2024 | Published: Jan 3, 2018
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.

Vendors: Phpmyadmin
Products: Phpmyadmin
Updated: Nov 21, 2024 | Published: Jan 3, 2018
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Vendors: Vanillaforums
Products: Vanilla Forums
Updated: Nov 21, 2024 | Published: Jan 2, 2018
CVSS: v4 N/A | v3 8.0 HIGH | v2 6.0 MEDIUM
Description: Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access

Vendors: Iwcnetwork
Products: Biometric Shift Employee Management System
Updated: May 13, 2026 | Published: Dec 30, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.

Vendors: Muslim Matrimonial Script Project
Products: Muslim Matrimonial Script
Updated: May 13, 2026 | Published: Dec 30, 2017
CVSS: v4 N/A | v3 6.8 MEDIUM | v2 6.0 MEDIUM
Description: PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.

Vendors: Hawt, Redhat
Products: Hawtio, Jboss Fuse
Updated: May 13, 2026 | Published: Dec 29, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

Vendors: Php Multivendor Ecommerce Project
Products: Php Multivendor Ecommerce
Updated: May 13, 2026 | Published: Dec 28, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.

Vendors: Single Theater Booking Script Project
Products: Single Theater Booking Script
Updated: May 13, 2026 | Published: Dec 28, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.

Vendors: Vanguard Project
Products: Marketplace Digital Products Php
Updated: May 13, 2026 | Published: Dec 28, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: Vanguard Marketplace Digital Products PHP has CSRF via /search.

Vendors: Ordermanagementscript
Products: Professional Service Script
Updated: May 13, 2026 | Published: Dec 27, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.

Vendors: Responsive Realestate Script Project
Products: Responsive Realestate Script
Updated: May 13, 2026 | Published: Dec 27, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.

Vendors: Car Rental Script Project
Products: Car Rental Script
Updated: May 13, 2026 | Published: Dec 27, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.

Vendors: Fortunescripts
Products: Lynda Clone
Updated: May 13, 2026 | Published: Dec 27, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.

Vendors: Basic Job Site Script Project
Products: Basic Job Site Script
Updated: May 13, 2026 | Published: Dec 27, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: Readymade Job Site Script has CSRF via the /job URI.

Vendors: Readymade Video Sharing Script Project
Products: Readymade Video Sharing Script
Updated: May 13, 2026 | Published: Dec 27, 2017
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
Description: Readymade Video Sharing Script has CSRF via user-profile-edit.php.

Vendors: Doditsolutions
Products: Bus Booking Script
Updated: May 13, 2026 | Published: Dec 21, 2017
CVSS: v4 N/A | v3 6.8 MEDIUM | v2 6.0 MEDIUM
Description: Bus Booking Script has CSRF via admin/new_master.php.