11 matches found
EUVD-2026-37855
Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cot_check_xg to validate the anti-CSRF token, even though...
CVE-2026-40309
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...
Moodle cross-site request forgery vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site request forgery vulnerability that stems from the lack of an anti-cross-site request forgery...
Exploit for Cross-Site Request Forgery (CSRF) in Selldone Storefront
🚨 CVE-2025-26206: Cross-Site Request Forgery CSRF in Sell Do...
A vulnerability in the SportsTeams extension for MediaWiki, software for implementing a hypertext environment, allows a hacker to compromise the integrity of protected information.
The vulnerability in the SportsTeams extension for MediaWiki, software for implementing a hypertext environment, is related to the lack of checks for the anti-CSRF token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. Exploiting this vulnerability could allow a malicious actor t...
Lfi-ProcessWire Cms cross-site request forgery vulnerability
Ryan Cramer Design Lfi-ProcessWire Cms is a free content management system (CMS) and framework (CMF) from Ryan Cramer Design (USA), designed to save you time and work the way you want. A cross-site request forgery vulnerability exists in Lfi-ProcessWire Cms version v3.0.200, which stems from Althoug...
Centreon Web cross-site request forgery vulnerability
Centreon Web is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions for network, system and application resources. A cross-site request forgery vulnerability exists in Centreon-Web in Centreon Platform version 20.10...
MDaemon Webmail cross-site request forgery vulnerability
MDaemon Webmail is a server-side application used to provide mail services from MDaemon, Inc. in the United States. A security vulnerability exists in MDaemon Webmail versions prior to 20.0.4 that allows an attacker to immobilize an ANTI-CSRF token...
PT-2020-17373 · Mediawiki +2 · Pushtowatch Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.1; PushToWatch extension for MediaWiki versions through 1.35.1. Description: An issue was discovered in the PushToWatch extension for MediaWiki. The primary form did not implement an anti-CSRF token, making it...
CVE-2018-8908
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens...
Radancy: Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl
Domain and URL: https://mijn.werkenbijdefensie.nl/activiteiten/bezocht Summary: Possible to unsubscribe from activities/events using CSRF Description: it is possible to unsubscribe a logged in user from any subscribed events. The unsubscribe is done by a GET-call which is of course not protected ...