Total
8866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8737 | 1 Apache | 1 Brooklyn | 2025-04-20 | N/A |
| In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. | ||||
| CVE-2016-3403 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899. | ||||
| CVE-2017-12584 | 1 Slims | 1 Senayan Library Management System | 2025-04-20 | 8.8 High |
| There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. | ||||
| CVE-2015-8255 | 1 Axis | 1 Axis Communications Firmware | 2025-04-20 | N/A |
| AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | ||||
| CVE-2016-6521 | 1 Gopivotal | 1 Grails | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. | ||||
| CVE-2015-7715 | 1 Realtyna | 1 Realtyna Property Listing | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php. | ||||
| CVE-2015-7293 | 2 Plone, Zope | 2 Plone, Zope Management Interface | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | ||||
| CVE-2017-7926 | 1 Osisoft | 1 Pi Web Api | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. | ||||
| CVE-2017-7398 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | N/A |
| D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | ||||
| CVE-2017-5187 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2025-04-20 | N/A |
| A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | ||||
| CVE-2017-7423 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2025-04-20 | N/A |
| A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. | ||||
| CVE-2017-6002 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. | ||||
| CVE-2015-2142 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | ||||
| CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | N/A |
| Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | ||||
| CVE-2015-5182 | 1 Redhat | 1 Amq | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | ||||
| CVE-2015-5170 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 8.8 High |
| Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | ||||
| CVE-2017-1000244 | 1 Jenkins | 1 Favorite | 2025-04-20 | N/A |
| Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | ||||
| CVE-2015-5081 | 1 Django-cms | 1 Django Cms | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | ||||
| CVE-2015-3191 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 8.8 High |
| With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | ||||
| CVE-2016-1000218 | 1 Elastic | 1 Kibana Reporting | 2025-04-20 | N/A |
| Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | ||||