Explore CVEs related to CSRF vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing CSRF CVEs published in 2010. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2010-4627 | Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.39% | 2010-12-30 | 2026-04-29 |
| CVE-2010-3878 | Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files. | 4.3 | 0.14% | 2010-12-30 | 2026-04-29 |
| CVE-2010-4507 | Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_et | 9.3 | 0.22% | 2010-12-30 | 2026-04-29 |
| CVE-2010-4519 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. | 6.8 | 0.10% | 2010-12-23 | 2026-04-29 |
| CVE-2010-3449 | Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | 6.8 | 3.24% | 2010-12-06 | 2026-04-29 |
| CVE-2010-3891 | Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. | 6.8 | 3.29% | 2010-11-12 | 2026-04-29 |
| CVE-2010-3694 | Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. | 6.8 | 0.17% | 2010-11-09 | 2026-04-29 |
| CVE-2010-0785 | Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.0 | 0.27% | 2010-11-09 | 2026-04-29 |
| CVE-2010-4106 | Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.11% | 2010-11-02 | 2026-04-29 |
| CVE-2010-4032 | Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.13% | 2010-11-02 | 2026-04-29 |
| CVE-2010-4024 | Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.14% | 2010-10-28 | 2026-04-29 |
| CVE-2010-3989 | Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.14% | 2010-10-28 | 2026-04-29 |
| CVE-2010-3288 | Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 | 0.14% | 2010-10-23 | 2026-04-29 |
| CVE-2010-3884 | Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 6.8 | 0.15% | 2010-10-08 | 2026-04-29 |
| CVE-2010-3883 | Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications. | 6.8 | 0.09% | 2010-10-08 | 2026-04-29 |
| CVE-2010-3603 | Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information. | 6.8 | 4.22% | 2010-09-24 | 2026-04-29 |
| CVE-2010-1767 | Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation. | 6.8 | 0.63% | 2010-09-24 | 2026-04-29 |
| CVE-2010-3464 | Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php. | 6.8 | 0.15% | 2010-09-17 | 2026-04-29 |
| CVE-2010-0153 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks. | 6.8 | 0.09% | 2010-09-14 | 2026-04-29 |
| CVE-2010-3213 | Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule. | 6.8 | 1.82% | 2010-09-07 | 2026-04-29 |