Vulnerabilities (CVE)

Filtered by CWE-352
Total 9185 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41074 1 Webkul 1 Qloapps 2026-06-17 N/A 5.4 MEDIUM
A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document.
CVE-2021-40965 1 Prasathmani 1 Tiny File Manager 2026-06-17 9.3 HIGH 8.8 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.
CVE-2021-40662 1 Chamilo 1 Chamilo 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
CVE-2021-40518 1 Airangel 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Airangel HSMX Gateway devices through 5.2.04 allow CSRF.
CVE-2021-40335 1 Hitachienergy 2 Modular Switchgear Monitoring, Modular Switchgear Monitoring Firmware 2026-06-17 N/A 5.0 MEDIUM
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
CVE-2021-40174 1 Zohocorp 1 Manageengine Log360 2026-06-17 6.8 MEDIUM 8.8 HIGH
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
CVE-2021-40173 1 Zohocorp 1 Manageengine Cloud Security Plus 2026-06-17 6.8 MEDIUM 8.8 HIGH
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
CVE-2021-40172 1 Zohocorp 1 Manageengine Log360 2026-06-17 6.8 MEDIUM 8.8 HIGH
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
CVE-2021-40108 1 Concretecms 1 Concrete Cms 2026-06-17 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
CVE-2021-3993 1 Showdoc 1 Showdoc 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3976 1 Kimai 1 Kimai 2 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3963 1 Kimai 1 Kimai 2 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3957 1 Kimai 1 Kimai 2 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3944 1 Bookstackapp 1 Bookstack 2026-06-17 4.0 MEDIUM 6.8 MEDIUM
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3932 1 Area17 1 Twill 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
twill is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3931 1 Snipeitapp 1 Snipe-it 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3921 1 Firefly-iii 1 Firefly Iii 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3901 1 Firefly-iii 1 Firefly Iii 2026-06-17 6.8 MEDIUM 8.8 HIGH
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3900 1 Firefly-iii 1 Firefly Iii 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3858 1 Snipeitapp 1 Snipe-it 2026-06-17 6.8 MEDIUM 8.8 HIGH
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)