CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,354 vulnerabilities with CWE-352
CVE-2023-40337 MEDIUM
Jenkins Folders Plugin < 6.846.v23698686f0f6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-40336 HIGH
Jenkins Folders Plugin < 6.846.v23698686f0f6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-4277 HIGH
Realia <= 1.4.0 - Cross-Site Request Forgery via Profile Form Submission
CVSS 8.8
CVE-2023-4276 HIGH
Absolute Privacy < 2.1 - Cross-Site Request Forgery via abpr_profileShortcode Function
CVSS 8.8
CVE-2023-38348 HIGH
LWsystems Benno MailArchiv 2.10.1 - CSRF
CVSS 8.8
CVE-2023-38999 MEDIUM
OPNsense < 23.7 - Cross-Site Request Forgery in System Halt API
CVSS 6.5
CVE-2023-31452 HIGH
PRTG Network Monitor < 23.3.86.1520 - Cross-Site Request Forgery Token Bypass
CVSS 8.8
CVE-2023-38759 HIGH
wger Project wger Workout Manager 2.2.0a3 - CSRF
CVSS 8.8
CVE-2023-4047 HIGH
Firefox < 116 - Cross-Site Request Forgery via Permission Popup Notification Delay
CVSS 8.8
CVE-2023-33534 HIGH
Guangzhou Tozed Kangwei Intelligent Technology ZLTS10G - CSRF
CVSS 8.8
CVE-2023-3977 MEDIUM
Backupbliss Backup Migration < 1.2.8 - CSRF
CVSS 4.3
CVE-2023-38512 MEDIUM
wpstream WpStream <= 4.5.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-3414 MEDIUM
Jenkins ServiceNow DevOps < 1.38.1 - Cross-Site Request Forgery
CVSS 6.1
CVE-2023-39156 MEDIUM
Jenkins Bazaar Plugin < 1.22 - Cross-Site Request Forgery via SCM Tag Deletion
CVSS 5.3
CVE-2023-39153 MEDIUM
Jenkins GitLab Auth Plugin < 1.17.1 - CSRF
CVSS 5.4
CVE-2023-3841 MEDIUM
NxFilter 4.3.2.5 - Cross-Site Request Forgery in user.jsp
CVSS 4.3
CVE-2023-32625 MEDIUM
TS Webfonts for SAKURA <= 3.1.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-37650 HIGH
Cockpit CMS < 2.5.2 - Cross-Site Request Forgery in Admin Portal
CVSS 8.8
CVE-2023-28023 MEDIUM
BigFix WebUI < 44 - Cross-Site Request Forgery in Software Distribution Interface
CVSS 4.9
CVE-2023-37973 MEDIUM
Replace Word < 2.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-37892 MEDIUM
Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-37889 MEDIUM
WPAdmin AWS CDN <= 2.0.13 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-37387 MEDIUM
RadiusTheme Classified Listing <= 2.4.5 - Cross-Site Request Forgery Leading to Thumbnail Removal
CVSS 5.4
CVE-2023-37386 MEDIUM
Media Library Helper <= 1.2.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25036 MEDIUM
Social Media Icons Widget <= 1.6 - Cross-Site Request Forgery
CVSS 4.3