Filtered by CWE-352
Total 9397 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-8928 1 Mailcow 1 Mailcow\ 2025-04-20 8.8 High
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
CVE-2017-17908 1 Responsive Realestate Script Project 1 Responsive Realestate Script 2025-04-20 N/A
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
CVE-2017-11726 1 Connectwise 1 Manage 2025-04-20 N/A
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.
CVE-2017-11648 1 Techroutes 2 Tr 1803-3g, Tr 1803-3g Firmware 2025-04-20 N/A
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.
CVE-2017-17903 1 Fortunescripts 1 Lynda Clone 2025-04-20 N/A
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
CVE-2017-12439 1 Socusoft 1 Flash Slideshow Maker 2025-04-20 7.5 High
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.
CVE-2017-2682 1 Siemens 1 Ruggedcom Network Management Software 2025-04-20 N/A
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
CVE-2017-7556 1 Hawt 1 Hawtio 2025-04-20 N/A
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
CVE-2016-3403 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
CVE-2015-4697 1 Sumo 1 Google Analyticator 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563.
CVE-2017-1000090 1 Jenkins 1 Role-based Authorization Strategy 2025-04-20 N/A
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.
CVE-2017-14924 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-20 N/A
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
CVE-2017-15808 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-15731 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVE-2017-7951 1 Wondercms 1 Wondercms 2025-04-20 N/A
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
CVE-2016-9991 1 Ibm 1 Sterling Selling And Fulfillment Foundation 2025-04-20 N/A
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.
CVE-2017-8100 1 Artistscope 1 Copysafe Web Protection 2025-04-20 N/A
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
CVE-2017-8101 1 S9y 1 Serendipity 2025-04-20 N/A
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVE-2015-7715 1 Realtyna 1 Realtyna Property Listing 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.
CVE-2015-7293 2 Plone, Zope 2 Plone, Zope Management Interface 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.