Filtered by CWE-352
Total 9397 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-5081 1 Django-cms 1 Django Cms 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
CVE-2017-6086 1 Vimbadmin 1 Vimbadmin 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.
CVE-2015-4619 1 Denkgroot 1 Spina 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.
CVE-2017-1746 1 Ibm 1 Jazz For Service Management 2025-04-20 N/A
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.
CVE-2017-6068 1 Intelliants 1 Subrion Cms 2025-04-20 N/A
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.
CVE-2017-6066 1 Intelliants 1 Subrion Cms 2025-04-20 N/A
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.
CVE-2017-17774 1 Piwigo 1 Piwigo 2025-04-20 N/A
admin/configuration.php in Piwigo 2.9.2 has CSRF.
CVE-2017-6042 1 Sierra Wireless 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more 2025-04-20 N/A
A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
CVE-2015-3191 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2025-04-20 8.8 High
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
CVE-2017-6038 1 Belden Hirschmann 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware 2025-04-20 N/A
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.
CVE-2017-17891 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2025-04-20 N/A
Readymade Video Sharing Script has CSRF via user-profile-edit.php.
CVE-2015-2878 1 Watchguard 1 Hawkeye G 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
CVE-2015-2142 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.
CVE-2016-5372 1 Netapp 1 Snap Creator Framework 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVE-2015-1786 1 Zend 1 Zend Framework 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
CVE-2015-0276 1 Kallithea-scm 1 Kallithea 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.
CVE-2017-17936 1 Vanguard Project 1 Marketplace Digital Products Php 2025-04-20 N/A
Vanguard Marketplace Digital Products PHP has CSRF via /search.
CVE-2017-17990 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
CVE-2017-5943 1 Bestpractical 1 Request Tracker 2025-04-20 N/A
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
CVE-2017-2138 1 Cs-cart 2 Cs-cart, Cs-cart Multivendor 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.