CWE-352
9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,314)
| Vendors | Products | Updated | Published | CVSS | CVE description |
|---|---|---|---|---|---|
| Rtsindia | Rwr 3g 100 Firmware | May 13, 2026 | Aug 14, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. |
| | | | | | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website... |
| | | | | | Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. |
| Cisco | Prime Collaboration Provisioning | May 13, 2026 | Aug 7, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of... |
| | | | | | Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. |
| Slims | Senayan Library Management System | May 13, 2026 | Aug 6, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into ch... |
| Sma | Sunny Boy 1.5 Firmware, Sunny Boy 2.5 Firmware, Sunny Boy 3.0 Firmware, +37 more | May 13, 2026 | Aug 5, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for e... |
| Socusoft | Flash Slideshow Maker | May 13, 2026 | Aug 5, 2017 | v4: N/A; v3: 7.5 HIGH; v2: 5.1 MEDIUM | SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. Th... |
| Cs Cart | Cs Cart, Cs Cart Multivendor | May 13, 2026 | Aug 2, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attacker... |
| | | | | | services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting. |
| Techroutes | Tr 1803 3g Firmware | May 13, 2026 | Jul 31, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering. |
| Ibm | Infosphere Master Data Management Server | May 13, 2026 | Jul 31, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a use... |
| Ibm | Infosphere Master Data Management Server | May 13, 2026 | Jul 31, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from... |
| Arris, Cisco | Dpc3939b Firmware, Tg1682g Firmware | May 13, 2026 | Jul 31, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. |
| Cisco, Commscope | Arris Tg1682g Firmware, Dpc3939b Firmware | May 13, 2026 | Jul 31, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. |
| Netcomm | 4gt101w Bootloader, 4gt101w Software | May 13, 2026 | Jul 28, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They do not contain an... |
| Project Hashtopussy | Hashtopussy | May 13, 2026 | Jul 27, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. |
| | | | | | Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. |
| | | | | | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add pa... |
| Buffalo | Wmr 433 Firmware, Wmr 433w Firmware | May 13, 2026 | Jul 22, 2017 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM | Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vect... |