CWE-352: Cross-Site Request Forgery (CSRF)

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Zoho ManageEngine Log360 that allows attackers to disable logon security setti...

This vulnerability in OWASP CSRFGuard allows attackers to bypass Cross-Site Request Forgery (CSRF) protection by retrieving the CSRF cookie using only...

This CSRF vulnerability in the Shopping Cart & eCommerce Store WordPress plugin allows attackers to trick authenticated administrators into executing ...

This CSRF vulnerability in Express Cart v1.1.16 allows attackers to trick authenticated administrators into performing unauthorized actions like addin...

CVE-2021-37366 is a CSRF vulnerability in CTparental's admin panel that, when combined with XSS, allows attackers to trick administrators into disabli...

This CSRF vulnerability in IgnitedCMS v1.0 allows attackers to trick authenticated administrators into performing unauthorized actions via the profile...

Southsoft GMIS 5.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized access to private student information, including...

This Cross-Site Request Forgery (CSRF) vulnerability in the Nifty Newsletters WordPress plugin allows attackers to trick authenticated administrators ...

This Cross-Site Request Forgery (CSRF) vulnerability in the Admin Custom Login WordPress plugin allows attackers to trick authenticated administrators...

This vulnerability in the Post Index WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks, enabling them to inject m...

CVE-2021-29757 is a cross-site request forgery (CSRF) vulnerability in IBM QRadar User Behavior Analytics 4.1.1 that allows attackers to trick authent...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 that allows attackers to trick authenticated administrators into...

This CSRF vulnerability in WooCommerce Stock Manager WordPress plugin allows attackers to trick authenticated administrators into uploading arbitrary ...

This CSRF vulnerability in Software License Manager WordPress plugin allows attackers to trick administrators into performing unintended actions by se...

This CVE describes a cross-site request forgery (CSRF) vulnerability in IBM MQ Appliance versions 9.1 and 9.2. It allows attackers to trick authentica...

This CSRF vulnerability in WordPress Email Template Designer - WP HTML Mail plugin allows attackers to trick administrators into performing unintended...

Machform versions before 16 are vulnerable to cross-site request forgery (CSRF) attacks due to missing CSRF tokens. This allows attackers to trick aut...

This CSRF vulnerability in JuQingCMS v1.0 allows attackers to trick authenticated administrators into performing unauthorized actions, specifically cr...

This CSRF vulnerability in Ice Hrm 29.0.0.OS allows attackers to create new administrator accounts or change existing user passwords without authoriza...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in TrendNet TW100-S4W1CA routers. An attacker can trick an authenticated user int...

This CSRF vulnerability in TP-Link managed switches allows attackers to trick administrators into clicking malicious links that can change switch pass...

This CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-contro...

This CSRF vulnerability in CloverDX Server Console allows attackers to trick authenticated users into executing arbitrary actions, including script ex...

CVE-2020-18264 is a Cross-Site Request Forgery vulnerability in Simple-Log v1.6 that allows attackers to trick authenticated administrators into perfo...

This CSRF vulnerability in iCMS 7.0.16 allows attackers to trick authenticated users into executing malicious web scripts without their knowledge. Att...

CVE-2019-14836 is a Cross-Site Request Forgery (CSRF) vulnerability in the 3scale developer portal login mechanism. This allows attackers to trick aut...

CVE-2021-21549 is a Cross-Site Request Forgery (CSRF) vulnerability in Dell EMC XtremIO XMS management software. It allows attackers to trick authenti...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in OpenNMS Horizon and Meridian that allows attackers to trick administrators int...

This CSRF vulnerability in Pluck CMS v4.7.9 allows attackers to trick authenticated administrators into performing unauthorized actions, specifically ...

This CSRF vulnerability in ForestBlog allows attackers to trick authenticated administrators into performing unauthorized actions via the management i...

CVE-2021-32096 is a Cross-Site Request Forgery (CSRF) vulnerability in NSA Emissary's ConsoleAction component that allows attackers to inject arbitrar...

This CSRF vulnerability in Fork-CMS allows attackers to trick logged-in administrators into performing unintended actions by crafting malicious reques...

This CSRF vulnerability in the Business Directory Plugin for WordPress allows attackers to trick logged-in administrators into performing unauthorized...

This CSRF vulnerability in Rukovoditel v2.8.3 allows attackers to trick authenticated administrators into unknowingly creating new admin accounts with...

CVE-2020-21989 is a Cross-Site Request Forgery vulnerability in HomeAutomation 3.3.2 that allows attackers to trick authenticated users into performin...

CVE-2021-31584 is a Cross-Site Request Forgery (CSRF) vulnerability in Sipwise C5 NGCP's www_csc web interface that allows attackers to trick authenti...

This vulnerability in MDaemon email server allows attackers to perform Cross-Site Request Forgery (CSRF) attacks by fixing anti-CSRF tokens. It affect...

This CSRF vulnerability in Multilaser Router AC1200 firmware allows attackers to trick authenticated users into performing unauthorized actions like e...

This Cross-Site Request Forgery (CSRF) vulnerability in the Facebook for WordPress plugin allows attackers to trick authenticated administrators into ...

This CSRF vulnerability in Kagemai 0.8.8 allows attackers to trick authenticated administrators into performing unintended actions by crafting malicio...

This CSRF vulnerability in DMA Softlab Radius Manager 4.4.0 allows attackers to trick authenticated administrators into performing unauthorized action...

This vulnerability in the Contact Form 7 Style WordPress plugin allows attackers to inject malicious JavaScript through the custom CSS feature due to ...

This vulnerability allows attackers to trick WordPress administrators into uploading malicious zip archives through the Responsive Menu plugin. Succes...

CVE-2021-25924 is a Cross-Site Request Forgery vulnerability in GoCD's backup configuration endpoint that allows attackers to trick authenticated user...

This CSRF vulnerability in Jenkins Build With Parameters Plugin allows attackers to trick authenticated users into unknowingly triggering builds with ...

This CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin allows attackers to trick authenticated users into connecting to malicious URLs, pote...

This CSRF vulnerability in Jenkins Team Foundation Server Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to ...

This CSRF vulnerability in Jenkins Libvirt Agents Plugin allows attackers to stop hypervisor domains (virtual machines) managed by Jenkins. Attackers ...

This CSRF vulnerability in Grav CMS Scheduler allows attackers to trick authenticated administrators into executing arbitrary system commands by visit...

This is a Cross-Site Request Forgery (CSRF) vulnerability in Quadbase EspressReports ES that allows unauthenticated attackers to trick administrators ...