CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
All Cross-Site Request Forgery (CSRF) CVEs (2,465)
A Cross-Site Request Forgery (CSRF) vulnerability in Kashipara Music Management System v1.0 allows attackers to trick authenticated users into perform... (Aug 28, 2024)
This vulnerability involves predictable CSRF tokens that allow attackers to craft malicious requests. When victims unknowingly trigger these requests,... (Feb 6, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in ePolicy Orchestrator (ePO) allows low-privileged remote users to add new administrator accounts b... (Nov 17, 2023)
This is a Cross-Site Request Forgery (CSRF) vulnerability in Jenkins where insufficient URL escaping allows attackers to trick authenticated users int... (Jun 14, 2023)
A CSRF vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to trick authenticated users into performing unauthorized ... (Jul 27, 2022)
This CSRF vulnerability in Jenkins Recipe Plugin allows attackers to trick authenticated users into making unintended HTTP requests to attacker-contro... (Jun 30, 2022)
A CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin allows attackers with Overall/Read permission to trick authenticated users into conne... (Mar 15, 2022)
A cross-site request forgery (CSRF) vulnerability in Zyxel ARMOR Z1/Z2 router firmware allows attackers to execute arbitrary commands by tricking auth... (Feb 24, 2022)
This vulnerability in the WP Extra File Types WordPress plugin allows attackers to trick logged-in administrators into changing plugin settings withou... (Jan 24, 2022)
This CSRF vulnerability in Rockoa v1.9.8 allows authenticated attackers to create unauthorized administrator accounts by tricking legitimate users int... (Dec 22, 2021)
CVE-2021-42097 is a Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman that allows privilege escalation. An attacker can obtain a CSRF tok... (Oct 21, 2021)
This is a Cross-Site Request Forgery (CSRF) vulnerability in Dada Mail that allows attackers to perform unauthorized actions as authenticated users. W... (Sep 20, 2021)
This CSRF vulnerability in Cybozu Garoon allows authenticated attackers to trick administrators into performing unintended actions by exploiting their... (Aug 18, 2021)
This CSRF vulnerability in DamiCMS v6.0.6 allows attackers to create unauthorized admin accounts by tricking authenticated administrators into visitin... (Aug 12, 2021)
CVE-2021-21407 is a Cross-Site Request Forgery (CSRF) vulnerability in Combodo iTop that allows attackers to bypass CSRF token validation through a tr... (Jul 21, 2021)
A Cross-Site Request Forgery (CSRF) vulnerability in Star Practice Management Web allows attackers to change user privileges, including granting thems... (Jan 29, 2021)
This CSRF vulnerability in EgavilanMedia User Registration & Login System 1.0 allows attackers to trick authenticated users into submitting malicious ... (Dec 21, 2020)
This CSRF vulnerability in Lansweeper allows low-level authenticated users to escalate their privileges by tricking administrators into performing uni... (Sep 30, 2020)
CVE-2020-2196 is a Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Selenium Plugin that allows attackers to perform administrative actions ... (Jun 3, 2020)
This CSRF vulnerability in Smartvista BackOffice allows attackers to trick authenticated users into performing unintended actions via crafted GET requ... (Sep 18, 2025)
A CSRF vulnerability in saTECH BCU firmware version 2.1.3 allows attackers to trick authenticated administrators into executing unauthorized actions. ... (Mar 28, 2025)
This vulnerability allows attackers to inject malicious HTML attributes into Jupyter notebooks in GitLab, enabling them to perform arbitrary HTTP POST... (Mar 28, 2022)
This CSRF vulnerability in the Muslim Prayer Time BD WordPress plugin allows attackers to trick authenticated administrators into resetting plugin set... (Jun 26, 2024)
The WP Prayer WordPress plugin through version 2.0.9 lacks CSRF protection when updating settings, allowing attackers to trick logged-in administrator... (May 15, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the ValvePress Automatic WordPress plugin. Attackers can trick authenticated a... (Apr 22, 2024)
This stored cross-site scripting vulnerability in Pandora FMS allows attackers to inject malicious scripts into the Create event section. When users v... (Feb 15, 2023)
This vulnerability affects all versions of the sqlite-web package, allowing attackers to perform unauthorized sensitive actions through Cross-Site Req... (Sep 8, 2021)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in McAfee Data Loss Prevention ePO extension. It allows authenticated attackers t... (Aug 13, 2020)
Ghost CMS versions 5.101.6 through 6.19.2 have incomplete CSRF protections in the session verification endpoint, allowing attackers to use one-time co... (Mar 7, 2026)
A CSRF vulnerability in Socomec DIRIS Digiware M-70's WEBVIEW-M functionality allows attackers to craft malicious webpages that trick authenticated us... (Dec 1, 2025)
A CSRF vulnerability in PHPGurukul Student Record System v3.2 allows attackers to trick authenticated administrators into executing unauthorized accou... (Nov 18, 2025)
Mercku M6a devices allow attackers to change administrator passwords via cross-site request forgery (CSRF) attacks when accessed from the local networ... (Oct 22, 2025)
This CSRF vulnerability in the Realtyna Organic IDX WordPress plugin allows attackers to trick authenticated administrators into performing unintended... (Aug 20, 2025)
A CSRF-to-XSS vulnerability in the UCRM Client Signup Plugin allows attackers to execute arbitrary JavaScript in administrator sessions, potentially l... (Jun 29, 2025)
This CSRF vulnerability in the Insert Headers And Footers WordPress plugin allows attackers to trick administrators into clicking malicious links that... (Apr 19, 2025)
This CSRF vulnerability in Fortinet FortiNDR allows remote unauthenticated attackers to execute unauthorized actions via crafted HTTP GET requests. It... (Mar 11, 2025)
This CSRF vulnerability in TYPO3's backend allows attackers to trick authenticated backend users into performing unauthorized actions via malicious li... (Jan 14, 2025)
This CSRF vulnerability in Teedy allows attackers to perform unauthorized administrative actions via a forged POST request to /api/user/admin. It affe... (Jan 13, 2025)
This CSRF vulnerability in CodeIgniter 3.1.13 allows attackers to trick authenticated administrators into unknowingly changing their own passwords. At... (Oct 15, 2024)
This vulnerability in the ArtPlacer Widget WordPress plugin allows attackers to trick logged-in administrators into executing malicious actions via Cr... (Jul 19, 2024)
This CSRF vulnerability in WP STAGING Pro WordPress Backup Plugin allows unauthenticated attackers to trick administrators into executing malicious re... (Jun 14, 2024)
This vulnerability in Werkzeug's debugger allows attackers to execute arbitrary code on a developer's machine if they can trick the developer into int... (May 6, 2024)
The MF Gig Calendar WordPress plugin through version 1.2.1 lacks Cross-Site Request Forgery (CSRF) protection on certain endpoints, allowing attackers... (May 6, 2024)
This vulnerability allows authenticated attackers in Dolibarr ERP CRM to steal session cookies and CSRF tokens from other users through crafted web pa... (Apr 17, 2024)
This is a Cross-Site Request Forgery (CSRF) vulnerability in LedgerSMB that allows attackers to trick authenticated database administrators into unkno... (Feb 2, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Siemens RUGGEDCOM ROX industrial routers. An attacker can trick authenticated ... (Jul 11, 2023)
This CSRF vulnerability in the Groundhogg WordPress plugin allows authenticated attackers to trick administrators into performing actions that modify ... (May 20, 2023)
The Change wp-admin login WordPress plugin before version 1.1.0 has an authorization bypass and missing CSRF protection in its settings update functio... (May 30, 2022)
Shopware versions before 5.7.9 have a CSRF token validation flaw that allows attackers to bypass CSRF protection. This enables unauthorized actions to... (Apr 28, 2022)
This vulnerability in XWiki allows attackers to determine whether an email address has an associated user account and identify the corresponding usern... (Feb 4, 2022)
About Cross-Site Request Forgery (CSRF) (CWE-352)
Our database tracks 2,465 CVEs classified as CWE-352, with 67 rated critical and 1,383 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.7.
External reference: CWE-352 on MITRE CWE