Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-4049

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-07 Dec, 2021 | 10:40
Updated At-03 Aug, 2024 | 17:16
Rejected At-
Credits

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:07 Dec, 2021 | 10:40
Updated At:03 Aug, 2024 | 17:16
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Affected Products
Vendor
livehelperchat
Product
livehelperchat/livehelperchat
Versions
Affected
  • From unspecified before 2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779e
x_refsource_CONFIRM
https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57
x_refsource_MISC
Hyperlink: https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779e
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779e
x_refsource_CONFIRM
x_transferred
https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57
x_refsource_MISC
x_transferred
Hyperlink: https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779e
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:07 Dec, 2021 | 11:15
Updated At:08 Dec, 2021 | 14:55

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Secondary3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
livehelperchat
livehelperchat
>>live_helper_chat>>Versions before 2.0(exclusive)
cpe:2.3:a:livehelperchat:live_helper_chat:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@huntr.dev
CWE ID: CWE-352
Type: Primary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57security@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779esecurity@huntr.dev
Exploit
Patch
Third Party Advisory
Hyperlink: https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779e
Source: security@huntr.dev
Resource:
Exploit
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

302Records found
CVE-2022-0226
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.70%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-live_helper_chatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4123
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 38.35%
||
7 Day CHG~0.00%
Published-16 Dec, 2021 | 10:10
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-live_helper_chatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0231
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.7||MEDIUM
EPSS-0.51% / 39.64%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 12:05
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-live_helper_chatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0245
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.7||MEDIUM
EPSS-0.44% / 35.09%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 05:15
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-livehelperchatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4131
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 41.19%
||
7 Day CHG~0.00%
Published-18 Dec, 2021 | 06:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-live_helper_chatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4015
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 10:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4005
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-04 Dec, 2021 | 12:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38886
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 40.62%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 16:30
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39044
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 30.23%
||
7 Day CHG+0.01%
Published-02 Feb, 2022 | 12:04
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210.

Action-Not Available
Vendor-n/aIBM Corporation
Product-financial_transaction_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-8082
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.20% / 64.26%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 06:12
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.

Action-Not Available
Vendor-concretecmsn/a
Product-concrete_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3976
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 30.44%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 10:35
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-kimaikevinpapst
Product-kimai_2kevinpapst/kimai2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3900
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 39.66%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 17:45
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3963
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 30.00%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 11:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-kimaikevinpapst
Product-kimai_2kevinpapst/kimai2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3931
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in snipe/snipe-it

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-snipeitappsnipe
Product-snipe-itsnipe/snipe-it
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-7491
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 40.03%
||
7 Day CHG~0.00%
Published-15 May, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle 2.x and 3.x
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-10448
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 31.08%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 13:31
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank Management System delete.php cross-site request forgery

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-blood_bank_management_systemBlood Bank Management System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29757
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 31.50%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_user_behavior_analyticsQRadar User Behavior Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29837
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 30.23%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29816
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 27.87%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64700
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.1||MEDIUM
EPSS-0.11% / 1.63%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 04:06
Updated-18 Dec, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.

Action-Not Available
Vendor-GROWI, Inc.
Product-GROWI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-6673
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.4||MEDIUM
EPSS-0.17% / 6.29%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:50
Updated-01 Nov, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF Vulnerability in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.

Action-Not Available
Vendor-ParisNeo (LoLLMs)
Product-lollms_web_uiparisneo/lollms-webuilollms-webui
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-7065
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 25.37%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 09:31
Updated-01 Aug, 2024 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spina CMS cross-site request forgery

A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Spinadenkgroot
Product-CMSspina
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-10557
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.56% / 42.30%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 01:00
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank Management System updateprofile.php cross-site request forgery

A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-blood_bank_management_systemBlood Bank Management Systemblood_bank_management_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24231
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 43.04%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 14:06
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.

Action-Not Available
Vendor-patreonUnknown
Product-patreon_wordpressPatreon WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1442
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.76% / 50.69%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598.

Action-Not Available
Vendor-IBM Corporation
Product-monitoringMonitoring
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-20221
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 21:01
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_7861_with_multiplatform_firmwareip_conference_phone_7832_with_multiplatform_firmwareip_phone_8800_key_expansion_module_with_multiplatform_firmwareip_phone_8841ip_phone_7821_with_multiplatform_firmwareip_phone_8861ip_phone_6851ip_conference_phone_8832ip_phone_7841ip_phone_8811ip_phone_8841_with_multiplatform_firmwareip_phone_6821ip_phone_8851_key_expansion_moduleip_phone_6841_with_multiplatform_firmwareip_phone_7811_with_multiplatform_firmwareip_conference_phone_8832_with_multiplatform_firmwareip_phone_8861_key_expansion_moduleip_phone_8861_with_multiplatform_firmwareip_phone_6871_with_multiplatform_firmwareip_conference_phone_8831ip_phone_8845ip_phone_7841_with_multiplatform_firmwareip_phone_6841ip_phone_8800_key_expansion_moduleip_phone_6821_with_multiplatform_firmwareip_conference_phone_7832ip_phone_6871ip_phone_8865ip_phone_8845_with_multiplatform_firmwareip_phone_8865_with_multiplatform_firmwareip_phone_6851_with_multiplatform_firmwareip_phone_6825video_phone_8875_firmwareip_phone_8861_key_expansion_module_with_multiplatform_firmwareip_conference_phone_8831_with_multiplatform_firmwareip_phone_8811_with_multiplatform_firmwareip_phone_6861ip_phone_8851_key_expansion_module_with_multiplatform_firmwarevideo_phone_8875ip_phone_6825_with_multiplatform_firmwareip_phone_7811ip_phone_7861ip_phone_8851ip_phone_7821ip_phone_6861_with_multiplatform_firmwareip_phone_8851_with_multiplatform_firmwareCisco IP Phones with Multiplatform FirmwareCisco PhoneOS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20468
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 23.09%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20489
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 30.23%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 18:05
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20580
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 29.47%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 15:50
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-0880
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 33.12%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 17:31
Updated-03 Jun, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qidianbang qdbcrm Password Reset cross-site request forgery

A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-100296Qidianbang
Product-qdbcrmqdbcrm
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1937
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 24.71%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 08:31
Updated-02 Aug, 2024 | 06:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zhenfeng13 My-Blog userInfo cross-site request forgery

A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264.

Action-Not Available
Vendor-my-blog_projectzhenfeng13
Product-my-blogMy-Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-3925
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.11% / 61.70%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.

Action-Not Available
Vendor-hans_oesterholtn/a
Product-cmmen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.04% / 59.52%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 12:24
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.

Action-Not Available
Vendor-n/aUmbraco A/S (Umbraco)
Product-umbraco_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5521
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 20.54%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 18:31
Updated-09 Jun, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WuKongOpenSource WukongCRM updataPassword cross-site request forgery

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-5kcrmWuKongOpenSource
Product-wukongcrmWukongCRM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-54022
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 4.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Cross Site Request Forgery.This issue affects Coupon Affiliates: from n/a through <= 6.4.0.

Action-Not Available
Vendor-Elliot Sowersby / RelyWP
Product-Coupon Affiliates
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-7038
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 31.02%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 17:31
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
automad User Creation cross-site request forgery

A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-automadn/a
Product-automadautomad
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5410
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.17%
||
7 Day CHG~0.00%
Published-01 Jun, 2025 | 22:31
Updated-25 Nov, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mist Community Edition middleware.py session_start_response cross-site request forgery

A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-mistMist
Product-mistCommunity Edition
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2020-4826
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 31.64%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:55
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 4.99%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:22
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Build App Online Plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through <= 1.0.23.

Action-Not Available
Vendor-hakeemnala
Product-Build App Online
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5185
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 9.42%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 12:31
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Summer Pearl Group Vacation Rental Management Platform cross-site request forgery

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-Summer Pearl Group
Product-Vacation Rental Management Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2017-6819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.34% / 81.48%
||
7 Day CHG~0.00%
Published-12 Mar, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-7052
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 28.60%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 01:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Notes Sharing System profile.php cross-site request forgery

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_notes_sharing_systemOnline Notes Sharing Systemonline_notes_sharing_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4827
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 31.64%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:55
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4992
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 31.79%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 13:55
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4904
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 37.51%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4938
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 31.50%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4526
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 37.88%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 13:50
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5033
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 13.86%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 17:31
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XiaoBingby TeaCMS addUser cross-site request forgery

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-teacms_projectXiaoBingby
Product-teacmsTeaCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2020-4917
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.03%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 14:00
Updated-16 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5132
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.57%
||
7 Day CHG~0.00%
Published-24 May, 2025 | 21:00
Updated-16 Jun, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tmall Demo logout cross-site request forgery

A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-project_teamTmall
Product-tmall_demoDemo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found