Filtered by CWE-352
Total 9397 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-17827 1 Piwigo 1 Piwigo 2025-04-20 N/A
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
CVE-2017-7398 2 D-link, Dlink 2 Dir-615 Firmware, Dir-615 2025-04-20 N/A
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
CVE-2017-9519 1 Atmail 1 Atmail 2025-04-20 N/A
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
CVE-2017-11455 2 Ivanti, Pulsesecure 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure 2025-04-20 N/A
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
CVE-2017-8138 1 Huawei 1 Hedex Lite 2025-04-20 N/A
HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.
CVE-2017-8101 1 S9y 1 Serendipity 2025-04-20 N/A
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVE-2016-8737 1 Apache 1 Brooklyn 2025-04-20 N/A
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
CVE-2017-8100 1 Artistscope 1 Copysafe Web Protection 2025-04-20 N/A
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
CVE-2017-1442 1 Ibm 1 Emptoris Services Procurement 2025-04-20 N/A
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
CVE-2014-3709 1 Keycloak 1 Keycloak 2025-04-20 N/A
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
CVE-2017-7951 1 Wondercms 1 Wondercms 2025-04-20 N/A
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
CVE-2015-8624 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.
CVE-2017-15731 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVE-2015-7715 1 Realtyna 1 Realtyna Property Listing 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.
CVE-2017-7446 1 Helpdezk 1 Helpdezk 2025-04-20 N/A
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
CVE-2016-4504 1 Meteocontrol 1 Weblog 2025-04-20 N/A
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
CVE-2014-6106 1 Ibm 1 Security Identity Manager 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
CVE-2017-16565 1 Grandstream 2 Ht802, Ht802 Firmware 2025-04-20 N/A
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
CVE-2016-0356 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.
CVE-2016-4887 1 Basercms 1 Basercms 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.