CWE-352

A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim’s browser to execute undesired actions in the web application through crafted requests.

An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.

Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page.

A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.