Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-2983 1Php Kobo 1Photo Gallery Cms Free May 6, 2026 Aug 22, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary use...Show more Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.Show less
CVE-2015-4530 1Emc 5Documentum Administrator Documentum Digital Asset ManagerDocumentum Taskspace+2 more May 6, 2026 Aug 20, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, an...Show more Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.Show less
CVE-2015-0542 1Emc 1Rsa Archer Egrc May 6, 2026 Aug 20, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
CVE-2015-6523 1Portfolio Project 1Portfolio May 6, 2026 Aug 19, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a req...Show more Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.Show less
CVE-2015-6517 1Phpliteadmin Project 1Phpliteadmin May 6, 2026 Aug 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.
CVE-2015-5508 1The Extensible Catalog Drupal Toolkit Project 1The Extensible Catalog Drupal Toolkit May 6, 2026 Aug 18, 2015 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip provide...Show more Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.Show less
CVE-2015-2848 1Honeywell 1Tuxedo Touch May 6, 2026 Jul 26, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands,...Show more Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.Show less
CVE-2015-4281 1Cisco 1Webex Meetings Server May 6, 2026 Jul 22, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146.
CVE-2015-2134 1Hp 1System Management Homepage May 6, 2026 Jul 21, 2015 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-4460 1Boxautomation 1C2box May 6, 2026 Jul 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests...Show more Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.Show less
CVE-2015-4274 1Cisco 1Unified Intelligence Center May 6, 2026 Jul 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu9486...Show more Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.Show less
CVE-2015-5530 1Freereprintables 1Articlefr May 6, 2026 Jul 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a r...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/.Show less
CVE-2015-4267 1Cisco 1Identity Services Engine Software May 6, 2026 Jul 15, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentica...Show more Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.Show less
CVE-2015-5397 1Joomla 1Joomla May 6, 2026 Jul 14, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown...Show more Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.Show less
CVE-2015-4254 1Cisco 1Telepresence Advanced Media Gateway May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
CVE-2015-4258 1Cisco 1Telepresence Mse 8000 Series May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444.
CVE-2015-4257 1Cisco 1Telepresence Mcu Software May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710.
CVE-2015-4256 1Cisco 1Telepresence Ip Vcr 3.0 May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.
CVE-2015-4255 1Cisco 1Telepresence Ip Gateway May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734.
CVE-2015-4253 1Cisco 1Telepresence Serial Gateway May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90728.

Previous 1...412413414...466 Next