Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-42557 HIGH

Hotel Management System <commit 91caab8 - CSRF

CVE-2024-42555 HIGH

Hotel Management System <commit 91caab8 - CSRF

CVE-2024-42553 HIGH

Hotel Management System <commit 91caab8 - CSRF

CVE-2024-7850 MEDIUM

BP Profile Search <= 5.7.5 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-7501 MEDIUM

Download Plugins and Themes in ZIP from Dashboard <= 1.8.7 - Cross-Site Request Forgery via download_theme() Function

CVE-2024-7422 MEDIUM

Theme My Login <= 7.1.7 - Cross-Site Request Forgery via tml_admin_save_ms_settings()

CVE-2024-42476 MEDIUM

CORDEA oauth < 0.11 - Cross-Site Request Forgery via State Parameter Bypass

CVE-2024-42475 MEDIUM

CORDEA oauth < 0.11 - Insufficient Entropy in OAuth State Parameter

CVE-2024-7420 MEDIUM

Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-39410 MEDIUM

Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Cross-Site Request Forgery

CVE-2024-39409 MEDIUM

Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Cross-Site Request Forgery

CVE-2024-39408 MEDIUM

Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Cross-Site Request Forgery

CVE-2024-38724 HIGH

Contact Form 7 Summary and Print <1.2.5 - XSS

CVE-2024-42627 HIGH

FrogCMS v0.9.5 - Cross-Site Request Forgery via Snippet Delete Endpoint

CVE-2024-42626 HIGH

FrogCMS v0.9.5 - Cross-Site Request Forgery via Snippet Add Endpoint

CVE-2024-42625 HIGH

FrogCMS v0.9.5 - Cross-Site Request Forgery via /admin/?/layout/add

CVE-2024-42624 HIGH

FrogCMS v0.9.5 - Cross-Site Request Forgery via Page Delete Endpoint

CVE-2024-42623 HIGH

FrogCMS 0.9.5 - Cross-Site Request Forgery via Layout Delete Endpoint

CVE-2024-42632 HIGH

FrogCMS 0.9.5 - Cross-Site Request Forgery via /admin/?/page/add

CVE-2024-42631 HIGH

FrogCMS 0.9.5 - Cross-Site Request Forgery via Layout Edit Endpoint

CVE-2024-42630 HIGH

FrogCMS v0.9.5 - Cross-Site Request Forgery via File Manager Create File Endpoint

CVE-2024-42629 HIGH

FrogCMS 0.9.5 - Cross-Site Request Forgery via Page Edit Endpoint

CVE-2024-42628 HIGH

FrogCMS v0.9.5 - Cross-Site Request Forgery via Snippet Edit Endpoint

CVE-2024-7662 MEDIUM

Car Driving School Management System 1.0 - Cross-Site Request Forgery in Package Management

CVE-2024-7661 MEDIUM

Car Driving School Management System 1.0 - Cross-Site Request Forgery in User Save Function

Previous Page 116 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy