Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352

CVE-2024-28429 MEDIUM

DedeCMS v5.7 - Cross-Site Request Forgery via archives_do.php

CVE-2024-2416 MEDIUM

Movistar's 4G router <ES_WLD71-T1_v2.0.2018 - CSRF

CVE-2024-2395 HIGH

Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-2354 MEDIUM

Dreamer CMS 4.1.3 - Cross-Site Request Forgery in /admin/menu/toEdit

CVE-2024-2316 MEDIUM

bdtask hospital_automanager < 20240227 - Cross-Site Request Forgery in Update Bill Page

CVE-2024-2277 MEDIUM

Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 - Cross-Site Request Forgery in Password Reset Handler

CVE-2024-0203 HIGH

Digits < 8.4.2 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-2215 MEDIUM

Jenkins docker-build-step Plugin <2.11 - CSRF

CVE-2024-28158 MEDIUM

Jenkins Subversion Partial Release Manager Plugin < 1.0.1 - Cross-Site Request Forgery

CVE-2024-1760 MEDIUM

Appointment Booking Calendar - Simply Schedule Appointments <= 1.6.6.20 - Cross-Site Request Forgery

CVE-2024-27694 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/share/ztree_category_edit

CVE-2024-26469 HIGH

Product Designer < 1.178.36 - Server-Side Request Forgery via URL Parameter

CVE-2024-2134 MEDIUM

Bdtask Hospita AutoManager <20240223 - CSRF

CVE-2024-1592 MEDIUM

Complianz - GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery via process_delete Function

CVE-2024-27689 HIGH

Stupid Simple CMS < 1.2.4 - Cross-Site Request Forgery via /update-article.php

CVE-2024-27559 MEDIUM

codelyfe stupid_simple_cms < 1.2.4 - Cross-Site Request Forgery via /save_settings.php

CVE-2024-21752 HIGH

Ajax Search Lite <= 4.11.4 - Reflected Cross-Site Scripting via CSRF

CVE-2024-1976 MEDIUM

Marketing Optimizer <20200925 - CSRF

CVE-2024-25932 MEDIUM

Change Table Prefix <= 2.0 - Cross-Site Request Forgery

CVE-2024-25931 MEDIUM

Heureka < 1.0.8 - Cross-Site Request Forgery

CVE-2024-25930 MEDIUM

Custom Order Statuses for WooCommerce < 1.5.2 - Cross-Site Request Forgery

CVE-2024-24708 MEDIUM

W3speedster < 7.19 - Cross-Site Request Forgery

CVE-2024-24701 MEDIUM

Native Grid LLC <2.1.20 - CSRF

CVE-2024-23519 MEDIUM

M&S Consulting Email Before Download < 6.9.7 - Cross-Site Request Forgery

CVE-2024-22939 HIGH

FlyCms 1.0 - Cross-Site Request Forgery via Article Category Edit

Previous Page 142 of 374 Next

Details

Vulnerabilities 9,348

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy