CWE-352

9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Subsonic
1Subsonic
May 13, 2026
Jul 21, 2017
N/A· v4
7.5 HIGH· v3
5.1 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
1Koha
1Koha
May 13, 2026
Jul 21, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
1Greenpacket
1Dx 350 Firmware
May 13, 2026
Jul 21, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
1Ibm
1Bigfix Platform
May 13, 2026
Jul 19, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.
1Glpi Project
1Glpi
May 13, 2026
Jul 19, 2017
N/A· v4
8.0 HIGH· v3
6.0 MEDIUM· v2
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.
1Vanderbilt
1Redcap
May 13, 2026
Jul 18, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
1Kaspersky
1Anti Virus For Linux Server
May 13, 2026
Jul 17, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
1Apache
1Openmeetings
May 13, 2026
Jul 17, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
1Oauth2 Proxy Project
1Oauth2 Proxy
May 13, 2026
Jul 17, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
1Chyrp Lite Project
1Chyrp Lite
May 13, 2026
Jul 17, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
1Pulsesecure
1Pulse Connect Secure
May 13, 2026
Jul 12, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.
1Pulsesecure
1Pulse Connect Secure
May 13, 2026
Jul 12, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.
1Brother
1Mfc J960dwn Firmware
May 13, 2026
Jul 7, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1Toshiba
2Hem Gw16a Firmware
Hem Gw26a Firmware
May 13, 2026
Jul 7, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1Iodata
7Ts Ptcam/poe Camera Firmware
Ts Ptcam Camera Firmware, Ts Wlc2 Camera Firmware, +4 more
May 13, 2026
Jul 7, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
1Dlink
1Dir 615
May 13, 2026
Jul 7, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.
1Emc
1Rsa Archer Egrc
May 13, 2026
Jul 7, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.
1Bestpractical
1Request Tracker
May 13, 2026
Jul 3, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
1Sierra Wireless
2Airlink Raven Xe Firmware
Airlink Raven Xt Firmware
May 13, 2026
Jun 30, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
1Belden Hirschmann
1Gecko Lite Managed Switch Firmware
May 13, 2026
Jun 30, 2017
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.