Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerabilities let an attacker trick authenticated users into executing unwanted actions on a web application, potentially leading to unauthorized state changes.
2
MEDIUM
General
Understanding Cross-Site Request Forgery
Detailed information about this vulnerability type.
How to Identify
- Review security advisories
- Perform regular security testing
Prevention Best Practices
- Follow security best practices
- Keep systems updated
Cross-Site Request Forgery CVEs (2)
| CVE | Score | Description | Vendor / Product | Exploit Status | Date |
|---|---|---|---|---|---|
| CVE-2022-0088 | 7.4 | This vulnerability allows an attacker to trick a logged-in user of the YOURLS URL shortening service into performing unwanted actions without their consent, potentially leading to unauthorized changes or data exposure. The attacker needs to get the user to click on a malicious link while they are logged into the service. | yourls / yourls | Exploit Available | Apr 3, 2022 |
| CVE-2018-17366 | 8.8 | This vulnerability allows an attacker to create a new administrator account on the MCMS platform, which could give them full control over the system. To exploit this, the attacker needs to trick a logged-in user into clicking a malicious link while they are using the application. | mingsoft / mcms | Exploit Available | Sep 23, 2018 |