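Filter CVEs tied to vulnerabilities classified as CSRF by publication year. The list is ordered with the most recently published entries at the top, and can be narrowed further by the CVSS and EPSS risk metrics.
This view helps security teams keep up with recent vulnerability disclosures and trends, and quickly identify high-risk issues and the likelihood of exploitation.
Showing CVEs published in 2019 and classified as CSRF.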
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2015-5595 | Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption). | 6.5 | 1.45% | 2019-12-31 | 2026-06-16 |
| CVE-2019-12273 | OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name. NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists. | 6.5 | 0.46% | 2019-12-31 | 2026-06-16 |
| CVE-2013-0196 | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | 6.5 | 0.43% | 2019-12-30 | 2026-06-16 |
| CVE-2019-19737 | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | 8.8 | 0.45% | 2019-12-30 | 2026-06-16 |
| CVE-2019-20071 | On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | 6.5 | 0.72% | 2019-12-29 | 2026-06-16 |
| CVE-2014-3136 | Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. | 8.8 | 2.89% | 2019-12-27 | 2026-06-16 |
| CVE-2013-4665 | SPBAS Business Automation Software 2012 has CSRF. | 6.5 | 1.33% | 2019-12-27 | 2026-06-16 |
| CVE-2019-19995 | A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. | 8.8 | 0.66% | 2019-12-26 | 2026-06-16 |
| CVE-2019-16326 | D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product. | 8.8 | 0.64% | 2019-12-26 | 2026-06-16 |
| CVE-2019-6030 | Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 | 0.68% | 2019-12-26 | 2026-06-16 |
| CVE-2019-6027 | Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 | 0.68% | 2019-12-26 | 2026-06-16 |
| CVE-2019-19981 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. | 5.4 | 0.56% | 2019-12-25 | 2026-06-16 |
| CVE-2019-19979 | A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. | 8.8 | 0.63% | 2019-12-25 | 2026-06-16 |
| CVE-2019-4736 | IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706. | 4.3 | 0.40% | 2019-12-20 | 2026-06-16 |
| CVE-2019-4231 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | 4.3 | 0.72% | 2019-12-20 | 2026-06-16 |
| CVE-2018-1934 | IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179. | 8.8 | 0.43% | 2019-12-20 | 2026-06-16 |
| CVE-2019-19915 | The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF. | 9.0 | 0.86% | 2019-12-19 | 2026-06-16 |
| CVE-2019-17633 | For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it. | 8.8 | 0.81% | 2019-12-19 | 2026-06-16 |
| CVE-2019-19833 | In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area). | 6.5 | 14.71% | 2019-12-18 | 2026-06-16 |
| CVE-2019-19832 | Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) | 8.8 | 0.68% | 2019-12-18 | 2026-06-16 |