Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-5445 1Hp 1Storeonce Backup System Software May 6, 2026 Jan 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-5037 1Ibm 1Connections May 6, 2026 Jan 3, 2016 N/A· v4 5.4 MEDIUM· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary us...Show more Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.Show less
CVE-2015-7407 1Ibm 1Mashups Center May 6, 2026 Jan 2, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2015-5990 1Zyxel 1Gs1900 10hp Firmware May 6, 2026 Dec 31, 2015 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-7284 1Zyxel 2Nbg 418n Nbg 418n Firmware May 6, 2026 Dec 31, 2015 N/A· v4 8.0 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-7281 1Readynet Solutions 1Wrt300n Dd Firmware May 6, 2026 Dec 31, 2015 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-7278 1Ampedwireless 1R10000 Firmware May 6, 2026 Dec 31, 2015 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-5996 1Mediabridge 1Medialink Mwn Wapr300n Firmware May 6, 2026 Dec 31, 2015 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-2912 1Orientdb 1Orientdb May 6, 2026 Dec 31, 2015 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request...Show more The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.Show less
CVE-2015-7925 1Ewon 1Ewon Firmware May 6, 2026 Dec 23, 2015 N/A· v4 8.0 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of co...Show more Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.Show less
CVE-2015-7936 1Motorola 1Moscad Ip Gateway Firmware May 6, 2026 Dec 23, 2015 N/A· v4 7.5 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.
CVE-2015-8563 1Joomla 1Joomla May 6, 2026 Dec 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown...Show more Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.Show less
CVE-2015-6378 1Cisco 1Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter May 6, 2026 Dec 14, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.
CVE-2015-6405 1Cisco 1Emergency Responder May 6, 2026 Dec 13, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
CVE-2015-6408 1Cisco 1Unity Connection May 6, 2026 Dec 12, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.
CVE-2015-8131 1Elastic 1Kibana May 6, 2026 Dec 7, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-5318 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Nov 25, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
CVE-2015-5451 1Hp 1Operations Orchestration May 6, 2026 Nov 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-7291 1Arris 1Na Model 862 Gw Mono Firmware May 6, 2026 Nov 21, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers...Show more Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users.Show less
CVE-2015-6376 1Cisco 1Telepresence Video Communication Server Software May 6, 2026 Nov 21, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.

Previous 1...409410411...466 Next