Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,308)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-2129 1Elvinbts 1Elvinbts Apr 23, 2026 Jun 19, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.
CVE-2009-2073 1Cisco 1Wrt160n Apr 23, 2026 Jun 15, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown v...Show more Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions.Show less
CVE-2009-2005 1Dokeos 1Dokeos Apr 23, 2026 Jun 8, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
CVE-2008-6832 1Atlassian 1Jira Apr 23, 2026 Jun 8, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this inf...Show more Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-6823 1A Link 2Wl54ap2 Wl54ap3 Apr 23, 2026 Jun 4, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of adm...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.Show less
CVE-2009-1802 2Freepbx Sangoma 2Freepbx Freepbx Apr 23, 2026 May 28, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.Show less
CVE-2009-1757 1Transmissionbt 1Transmission Apr 23, 2026 May 22, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2009-1733 1Richard Ellerbrock 1Ipplan Apr 23, 2026 May 20, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unk...Show more Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unknown vectors.Show less
CVE-2009-1464 1Klinzmann 1Application Access Server Apr 23, 2026 May 14, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbi...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3) terminate processes via a killprocess job.Show less
CVE-2008-6801 1Vivvo 1Vivvo Apr 23, 2026 May 7, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2009-1561 1Cisco 1Wrt54gc Apr 23, 2026 May 6, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests t...Show more Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.Show less
CVE-2009-1518 1Beltane 1Beltane Apr 23, 2026 May 4, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unkno...Show more Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2009-1434 1Foswiki 1Foswiki Apr 23, 2026 Apr 30, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group membersh...Show more Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.Show less
CVE-2009-1339 1Twiki 1Twiki Apr 23, 2026 Apr 30, 2009 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save...Show more Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.Show less
CVE-2009-1459 1Razorcms 1Razorcms Apr 23, 2026 Apr 28, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
CVE-2009-1455 1Andrew Simpson 1Webcollab Apr 23, 2026 Apr 28, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.Show less
CVE-2008-6758 1Viart 1Viart Shop Apr 23, 2026 Apr 28, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-si...Show more Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.Show less
CVE-2008-6744 1Cybozu 3Cybozu Dezie Cybozu GaroonCybozu Office Apr 23, 2026 Apr 23, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unkn...Show more Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.Show less
CVE-2008-6729 1Phpmotion 1Phpmotion Apr 23, 2026 Apr 20, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.Show less
CVE-2009-0039 1Apache 1Geronimo Apr 23, 2026 Apr 17, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators f...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.Show less

Previous 1...456457458...466 Next