Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-43984 CRITICAL

Podlove Podcast Publisher <= 4.1.13 - Cross-Site Request Forgery to Remote Code Execution

CVE-2024-43930 MEDIUM

JobSearch < 2.5.3 - Cross-Site Request Forgery

CVE-2024-9434 MEDIUM

WPGlobus Translate Options <2.2.0 - CSRF

CVE-2024-48311 HIGH

Piwigo 14.5.0 - Cross-Site Request Forgery via Edit Album Function

CVE-2024-10557 MEDIUM

Blood Bank Management System 1.0 - Cross-Site Request Forgery in Profile Update Endpoint

CVE-2024-24777 HIGH

LevelOne WBR-6012 R0.40e6 - Cross-Site Request Forgery in Web Application

CVE-2024-9990 HIGH

Crypto Tool <= 2.15 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-50466 MEDIUM

DarkMySite - Advanced Dark Mode Plugin for WordPress <= 1.2.8 - Cross-Site Request Forgery

CVE-2024-6673 MEDIUM

lollms_web_ui < 10 - Cross-Site Request Forgery via install_comfyui Endpoint

CVE-2024-49672 HIGH

Google Docs RSVP <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2024-46872 MEDIUM

Mattermost 9.5.0-9.5.9, 9.10.0-9.10.2, 9.11.0-9.11.1 - Cross-Site Request Forgery via Playbooks Redirection

CVE-2024-48291 MEDIUM

dingfanzu CMS 1.0 - Cross-Site Request Forgery via Admin Action Endpoint

CVE-2024-48191 MEDIUM

dingfanzu CMS 1.0 - Cross-Site Request Forgery via Admin Action Deletion

CVE-2024-10448 MEDIUM

Blood Bank Management System 1.0 - Cross-Site Request Forgery via /file/delete.php bid Parameter

CVE-2024-9598 HIGH

AMP for WP - Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery via Proxy Function

CVE-2024-47879 HIGH

OpenRefine < 3.8.3 - Cross-Site Request Forgery via Preview Expression Command

CVE-2024-9943 MEDIUM

MultiVendorX < 4.2.5 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-10045 MEDIUM

Transients Manager <= 2.0.6 - Cross-Site Request Forgery via process_actions Function

CVE-2024-8980 CRITICAL

Liferay Digital Experience Platform 6.2-7.4.3.101 - Cross-Site Request Forgery in Script Console

CVE-2024-26273 HIGH

Liferay Portal 7.4.0-7.4.3.103 and DXP 2023.Q3.1-2023.Q3.5 - Cross-Site Request Forgery via Content Page Editor

CVE-2024-26272 HIGH

Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.5 - Cross-Site Request Forgery via p_l_back_url Parameter

CVE-2024-26271 HIGH

Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.5 - Cross-Site Request Forgery via My Account Widget

CVE-2024-9588 MEDIUM

Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-43945 MEDIUM

LatePoint < 4.9.91 - Cross-Site Request Forgery

CVE-2024-49628 MEDIUM

WhileTrue Most And Least Read Posts Widget <2.5.18 - CSRF

Previous Page 108 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy