Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,308)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-2059 1Ubbcentral 1Ubb.threads Apr 16, 2026 Jun 29, 2005 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to m...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.Show less
CVE-2005-1947 1Invisioncommunity 1Gallery Apr 16, 2026 Jun 9, 2005 N/A· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.
CVE-2005-1674 1Helpcenterlive 1Help Center Live Apr 16, 2026 May 19, 2005 N/A· v4 6.5 MEDIUM· v3 7.5 HIGH· v2 Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.
CVE-2004-1995 1Fusetalk 1Fusetalk Apr 16, 2026 Dec 31, 2004 N/A· v4 6.5 MEDIUM· v3 7.5 HIGH· v2 Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.
CVE-2004-1842 1Phpnuke 1Php Nuke Apr 16, 2026 Dec 31, 2004 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
CVE-2004-1703 1Fusionphp 1Fusion News Apr 16, 2026 Jul 30, 2004 N/A· v4 8.8 HIGH· v3 7.5 HIGH· v2 Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the adm...Show more Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.Show less
CVE-2004-1967 1Openbb 1Openbb Apr 16, 2026 Apr 25, 2004 N/A· v4 8.8 HIGH· v3 7.5 HIGH· v2 Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow...Show more Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.Show less
CVE-2002-2426 1Citrix 3Access Essentials Metaframe Presentation ServerPresentation Server Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published a...Show more Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.Show less

Previous 1...462 463 464 465466