Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerabilities let an attacker make a victim's browser send a state-changing request to a web application on which the victim is already authenticated. Because the browser attaches the session cookie (or other ambient credential) automatically, the application cannot tell the forged request from a legitimate one and performs the action, such as changing settings or creating an account, with the victim's privileges.
CVEs: 23 | Severity: MEDIUM | Category: General
Understanding Cross-Site Request Forgery
An application is vulnerable when it authorizes a state-changing request on the strength of ambient credentials alone: the session cookie, HTTP Basic credentials, or a client certificate that the browser sends with every request to that origin. An attacker who controls any other page the victim visits (a malicious site, a forum post with an injected image tag, an email rendered in a browser) embeds a form or script that submits a request to the vulnerable endpoint; the victim's browser adds their credentials and the server executes the action. The attacker never sees the response and never needs the victim's password, only that the victim is logged in at the time. Typical impact, as the CVEs listed below show, is adding an administrator account, changing configuration such as an IP exclusion list, or chaining into stored XSS when the forged input is later rendered without proper encoding.
How to Identify
- •Enumerate every request that changes state (account creation, role changes, password or email updates, settings, uploads, deletions) and confirm each one requires a secret the attacker cannot obtain: a per-session anti-CSRF token bound to the user, not merely the session cookie.
- •Replay a captured state-changing request from a page on a different origin with the token removed, altered, or taken from another account; if the server still performs the action, the endpoint is forgeable. Also check whether the same action is accepted over GET and whether the session cookie is issued without a SameSite attribute.
- •Review vendor security advisories and CVE entries for the frameworks and plugins in use, and repeat the tests above as part of regular security testing, since new endpoints frequently ship without the checks the rest of the application has.
Prevention Best Practices
- ✓Require a synchronizer token on every state-changing request: a random, per-session (or per-request) value held server-side, delivered only inside the application's own pages, and compared with a constant-time check before the action runs.
- ✓Issue session cookies with SameSite=Lax or Strict so the browser withholds them on cross-site POSTs, and verify that the Origin (or, failing that, Referer) header matches your own site; treat a missing header as a mismatch, not a pass.
- ✓Never change state on GET, require re-authentication for sensitive actions such as creating administrators, and keep frameworks and plugins updated so that published CSRF fixes are actually applied.
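Worked example, added here and not taken from the page or from any vendor listed below, covering both the identification test and the defenses above. It models an "add administrator" endpoint in two versions: one that authorizes on the session cookie alone, and one that requires POST, a matching Origin/Referer and a per-session synchronizer token compared in constant time. Both are exercised with the set of legitimate and forged requests a tester would replay. The application origin https://app.example, the attacker origin https://evil.example, the cookie name sid and the in-memory session store are all assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumed origin of the protected application (hypothetical name).
SITE_ORIGIN = "https://app.example"


@dataclass
class Session:
    user: str
    # Synchronizer token: random per session, held server-side and delivered only
    # inside this site's own pages, so a cross-site page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    headers: Dict[str, str]
    cookies: Dict[str, str]
    form: Dict[str, str]


# Constructed in-memory session store standing in for the real one.
SESSIONS: Dict[str, Session] = {}


def login(user: str) -> str:
    """Create a session and return the value the browser stores in the 'sid' cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user)
    return sid


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value; SameSite=Lax makes the browser withhold it on cross-site POSTs."""
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def add_admin_vulnerable(req: Request) -> Tuple[int, str]:
    """Authorizes on the session cookie alone: any page the victim visits can trigger it."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return 401, "not logged in"
    return 200, f"{sess.user} added admin {req.form.get('username')}"


def request_origin(req: Request) -> Optional[str]:
    """Origin header, falling back to scheme+host of Referer; None if both are absent."""
    origin = req.headers.get("Origin")
    if origin:
        return origin
    referer = req.headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def add_admin_hardened(req: Request) -> Tuple[int, str]:
    """Same action, gated by method, origin and a per-session token; fails closed."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return 401, "not logged in"
    if req.method != "POST":
        return 405, "state change requires POST"
    if request_origin(req) != SITE_ORIGIN:  # a missing header counts as a mismatch
        return 403, "cross-site request blocked"
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), sess.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"{sess.user} added admin {req.form.get('username')}"


def csrf_test_cases(victim_sid: str, attacker_sid: str) -> Dict[str, Request]:
    """Requests a tester replays: the genuine one plus forgeries from another origin."""
    evil = "https://evil.example"  # assumed attacker-controlled origin
    cookies = {"sid": victim_sid}  # the victim's browser attaches this automatically
    payload = {"username": "attacker"}
    return {
        "legitimate": Request("POST", {"Origin": SITE_ORIGIN}, cookies,
                              {**payload, "csrf_token": SESSIONS[victim_sid].csrf_token}),
        # The attacker's page cannot read the victim's token, so it is simply absent.
        "forged_no_token": Request("POST", {"Origin": evil}, cookies, payload),
        # A token from the attacker's own account: shows the token is bound to the
        # session, not merely required to be present.
        "attacker_own_token": Request("POST", {"Origin": SITE_ORIGIN}, cookies,
                                      {**payload, "csrf_token": SESSIONS[attacker_sid].csrf_token}),
        # Image tag or link on the attacker's page: a GET carrying only a Referer.
        "forged_via_get": Request("GET", {"Referer": evil + "/post.html"}, cookies, payload),
        # Origin and Referer stripped (privacy extension, old proxy): must fail closed.
        "forged_no_headers": Request("POST", {}, cookies, payload),
    }


def run_demo() -> Dict[str, Tuple[int, int]]:
    """Status code from the vulnerable and the hardened handler for each test case."""
    victim, attacker = login("admin"), login("attacker")
    return {name: (add_admin_vulnerable(r)[0], add_admin_hardened(r)[0])
            for name, r in csrf_test_cases(victim, attacker).items()}


if __name__ == "__main__":
    for name, (vulnerable, hardened) in run_demo().items():
        print(f"{name:20} vulnerable={vulnerable} hardened={hardened}")
```

Every forged variant is accepted by the cookie-only handler and rejected by the hardened one; only the request that carries the victim's own token from the site's own origin over POST succeeds. The origin check is evaluated before the token so that a request with both headers stripped is refused rather than silently trusted, and the token comparison uses hmac.compare_digest to avoid leaking the token byte by byte through timing.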
Cross-Site Request Forgery CVEs (23)
| CVE | CVSS | Description | Vendor / Product | Exploit Status | Published |
|---|---|---|---|---|---|
| CVE-2021-25042 | 5.4 | This vulnerability allows an attacker to add any IP address to the exclusion list of the WP Visitor Statistics plugin, potentially blocking legitimate traffic. It requires the attacker to be an authenticated user or to trick a logged-in user into executing the action, and it could also lead to malicious scripts being run in the admin area due to poor input handling. | codepress / visitor statistics | Theoretical | Feb 28, 2022 |
| CVE-2021-41372 | 7.6 | An attacker can upload a malicious Power BI template that includes harmful HTML files, which can then execute scripts in the context of a user's session, potentially allowing the attacker to gain higher privileges if the victim has admin rights. This requires the victim to be tricked into accessing the malicious HTML files while logged into the Power BI Report Server. | microsoft / power bi report server | Theoretical | Nov 10, 2021 |
| CVE-2018-17366 | 8.8 | This vulnerability allows an attacker to create a new administrator account on the MCMS system without proper authorization. It requires the attacker to trick a logged-in user into clicking a malicious link while they are using the application. | mingsoft / mcms | Exploit Available | Sep 23, 2018 |