Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-14048 1Blackcat Cms 1Blackcat Cms May 13, 2026 Aug 31, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.
CVE-2017-1442 1Ibm 1Emptoris Services Procurement May 13, 2026 Aug 30, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Fo...Show more IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.Show less
CVE-2016-2965 1Ibm 1Sametime May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force t...Show more IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.Show less
CVE-2016-0356 1Ibm 1Sametime May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery....Show more IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.Show less
CVE-2016-0355 1Ibm 1Sametime May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery....Show more IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.Show less
CVE-2017-11455 2Ivanti Pulsesecure 3Connect Secure Pulse Connect SecurePulse Policy Secure May 13, 2026 Aug 29, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of...Show more diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.Show less
CVE-2015-3655 1Arubanetworks 1Clearpass May 13, 2026 Aug 29, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper...Show more Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.Show less
CVE-2014-8900 1Ibm 1Urbancode Deploy May 13, 2026 Aug 28, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
CVE-2017-7926 1Osisoft 1Pi Web Api May 13, 2026 Aug 25, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-sit...Show more A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated.Show less
CVE-2017-12703 1Westermo 4Mrd 305 Din Firmware Mrd 315 Din FirmwareMrd 355 Din Firmware+1 more May 13, 2026 Aug 25, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request w...Show more A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server.Show less
CVE-2017-12970 1Apache2triad 1Apache2triad May 13, 2026 Aug 23, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to php...Show more Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.Show less
CVE-2015-5258 2Fedoraproject Vmware 2Fedora Spring Social May 13, 2026 Aug 22, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
CVE-2017-7557 1Powerdns 1Dnsdist May 13, 2026 Aug 22, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
CVE-2017-7423 1Microfocus 2Enterprise Developer Enterprise Server May 13, 2026 Aug 21, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthentica...Show more A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.Show less
CVE-2017-5187 1Microfocus 4Directory Server Enterprise DeveloperEnterprise Server+1 more May 13, 2026 Aug 21, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix...Show more A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.Show less
CVE-2017-12881 1Spring Batch Admin Project 1Spring Batch Admin May 13, 2026 Aug 18, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the fil...Show more Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.Show less
CVE-2015-5081 1Django Cms 1Django Cms May 13, 2026 Aug 18, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
CVE-2017-12593 1Asus 1Dsl N10s Firmware May 13, 2026 Aug 18, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
CVE-2017-12589 1Tomaxcom 2R60g Firmware R60gv2 Firmware May 13, 2026 Aug 18, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
CVE-2017-7556 1Hawt 1Hawtio May 13, 2026 Aug 17, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on b...Show more Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.Show less

Previous 1...394395396...466 Next