← Back
CWE-352

9,308 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,308)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-4935
1Patterninsight
1Pattern Insight
Apr 29, 2026
Nov 18, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2012-5898
1Samedia
1Landshop
Apr 29, 2026
Nov 17, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
CVE-2012-5891
1Dalbum
1Dalbum
Apr 29, 2026
Nov 17, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.Show less
CVE-2012-4853
1Ibm
1Websphere Application Server
Apr 29, 2026
Nov 14, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authenticatio...Show more
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.Show less
CVE-2012-4732
1Bestpractical
1Rt
Apr 29, 2026
Nov 11, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users fo...Show more
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.Show less
CVE-2012-4486
1Boombatower
1Subuser
Apr 29, 2026
Nov 2, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via u...Show more
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.Show less
CVE-2011-5226
1Trioniclabs
1Sentinel
Apr 29, 2026
Oct 25, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snap...Show more
Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.Show less
CVE-2012-5387
1Videousermanuals
1White Label Cms
Apr 29, 2026
Oct 24, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify...Show more
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.Show less
CVE-2012-4773
1Intelliants
1Subrion Cms
Apr 29, 2026
Oct 22, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information,...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.Show less
CVE-2012-1900
1Razorcms
1Razorcms
Apr 29, 2026
Oct 22, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a s...Show more
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.Show less
CVE-2012-4002
1Glpi Project
1Glpi
Apr 29, 2026
Oct 9, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-5326
1Idevspot
1Isupport
Apr 29, 2026
Oct 8, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an ad...Show more
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.Show less
CVE-2012-5323
1Xavi
1X7968
Apr 29, 2026
Oct 8, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the adminis...Show more
Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters.Show less
CVE-2012-5320
1Sagem
2F@st 2604
F@st 2604 Firmware
Apr 29, 2026
Oct 8, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via...Show more
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.Show less
CVE-2012-5319
1Dlink
3Dcs 2000
Dcs 5300Dcs 900
Apr 29, 2026
Oct 8, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administ...Show more
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.Show less
CVE-2012-1416
1Socialcms
1Socialcms
Apr 29, 2026
Oct 8, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.Show less
CVE-2012-1308
1Dlink
2Dsl 2640b
Dsl 2640b Firmware
Apr 29, 2026
Oct 8, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator passwo...Show more
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.Show less
CVE-2012-5308
1Ibm
1Lotus Notes Traveler
Apr 29, 2026
Oct 8, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that crea...Show more
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.Show less
CVE-2012-1414
1Plume Cms
1Plume Cms
Apr 29, 2026
Oct 7, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish...Show more
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.Show less
CVE-2012-2999
1Cerberusftp
1Ftp Server
Apr 29, 2026
Oct 4, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.Show less