CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,354 vulnerabilities with CWE-352
CVE-2023-37992 MEDIUM
Smarty for WordPress <= 3.1.35 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-37991 MEDIUM
Monchito.Net WP Emoji One <= 0.6.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-37891 MEDIUM
OptiMonk: Popups, Personalization & A/B Testing <= 2.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-41086 HIGH
Furuno Systems ACERA Wireless LAN Access Point Firmware - Cross-Site Request Forgery in ST Mode
CVSS 8.8
CVE-2023-4659 CRITICAL
free5gc - Cross-Site Request Forgery via Token Manipulation
CVSS 9.8
CVE-2023-41452 HIGH
phpkobo AjaxNewTicker <1.0.5 - CSRF
CVSS 8.8
CVE-2023-44161 MEDIUM
Acronis Cyber Protect 15 < build 35979 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-44160 MEDIUM
Acronis Cyber Protect 15 < build 35979 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-40048 MEDIUM
WS_FTP Server < 8.8.2 - Cross-Site Request Forgery in Server Manager Interface
CVSS 6.8
CVE-2023-35793 HIGH
Cassia Access Controller 2.1.1.2303271039 - Cross-Site Request Forgery in Web SSH Session
CVSS 8.8
CVE-2023-43278 HIGH
Seacms < 12.8 - Cross-Site Request Forgery in admin_manager.php
CVSS 8.8
CVE-2023-42321 HIGH
icmsdev iCMS 7.0.16 - Cross-Site Request Forgery via admincp.php Files
CVSS 8.8
CVE-2023-43502 MEDIUM
Jenkins Build Failure Analyzer Plugin <2.4.1 - CSRF
CVSS 4.3
CVE-2023-43500 HIGH
Jenkins Build Failure Analyzer Plugin <2.4.1 - CSRF
CVSS 8.8
CVE-2023-2508 MEDIUM
PaperCut Mobility Print Server 1.0.3512 - Cross-Site Request Forgery in Printer Discovery Configuration
CVSS 5.3
CVE-2023-39446 HIGH
Socomec Modulys GP Firmware - Cross-Site Request Forgery
CVSS 8.9
CVE-2023-5036 HIGH
memos < 0.15.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-42270 HIGH
grocy <= 4.0.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-4959 MEDIUM
Quay - Cross-Site Request Forgery in Config-Editor Page
CVSS 6.5
CVE-2023-40868 HIGH
mooSocial Demo - Cross-Site Request Forgery via Delete Account and Deactivate Functions
CVSS 8.8
CVE-2023-39286 MEDIUM
Mitel Connect Mobility Router < 9.6.2307.111 - Unauthenticated Cross-Site Request Forgery
CVSS 4.3
CVE-2023-39285 MEDIUM
Mitel MiVoice Connect < 22.24.7100.0 - Unauthenticated Cross-Site Request Forgery in Edge Gateway
CVSS 4.3
CVE-2023-4916 HIGH
Login with phone number < 1.5.6 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2023-4869 MEDIUM
SourceCodester Contact Manager App 1.0 - CSRF
CVSS 4.3
CVE-2023-4868 MEDIUM
SourceCodester Contact Manager App 1.0 - CSRF
CVSS 4.3