Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,308)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-4079 1Redmine 1Redmine Apr 23, 2026 Nov 25, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
CVE-2009-4077 1Roundcube 1Webmail Apr 23, 2026 Nov 25, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vec...Show more Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.Show less
CVE-2009-4076 1Roundcube 1Webmail Apr 23, 2026 Nov 25, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified v...Show more Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.Show less
CVE-2009-4066 2Drupal Paul Beaney 2Drupal Phplist Apr 23, 2026 Nov 24, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.Show less
CVE-2009-2746 1Ibm 1Websphere Application Server Apr 23, 2026 Nov 16, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows...Show more Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.Show less
CVE-2009-2816 4Apple FedoraprojectGoogle+1 more 5Chrome FedoraIphone Os+2 more Apr 23, 2026 Nov 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-ori...Show more The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.Show less
CVE-2009-3922 1Chad Phillips 1Userprotect Apr 23, 2026 Nov 9, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule.Show less
CVE-2009-3633 1Typo3 1Typo3 Apr 23, 2026 Nov 2, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbi...Show more Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.Show less
CVE-2009-3785 1Sjoerd Arendsen 1Simplenews Statistics Apr 23, 2026 Oct 26, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
CVE-2009-3784 1Sjoerd Arendsen 1Simplenews Statistics Apr 23, 2026 Oct 26, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2009-3759 1Citrix 1Xencenterweb Apr 23, 2026 Oct 22, 2009 N/A· v4 8.8 HIGH· v3 6.0 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that c...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-3656 1Tim Nelson 1Shared Sign On Apr 23, 2026 Oct 9, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
CVE-2009-3520 1Cmsphp Project 1Cmsphp Apr 23, 2026 Oct 1, 2009 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the...Show more Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.Show less
CVE-2009-3248 1Vtiger 1Vtiger Crm Apr 23, 2026 Sep 18, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl param...Show more Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.Show less
CVE-2008-7243 1Modxcms 1Modxcms Apr 23, 2026 Sep 17, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php....Show more Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941.Show less
CVE-2008-7241 1Punbb 1Punbb Apr 23, 2026 Sep 17, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.
CVE-2008-7221 1Runcms 1Runcms Apr 23, 2026 Sep 14, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafte...Show more Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.Show less
CVE-2008-7214 2Brilaps Mambo Foundation 2Mambo Mostlyce Apr 23, 2026 Sep 11, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests...Show more Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.Show less
CVE-2008-7204 1Virtuemart 1Virtuemart Apr 23, 2026 Sep 11, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2007-6730 1Zyxel 1P 330w Router Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable rem...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.Show less

Previous 1...454455456...466 Next