CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,357 vulnerabilities with CWE-352
CVE-2023-32991 HIGH
Jenkins SAML Single Sign On Plugin < 2.0.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-32989 HIGH
Jenkins Azure VM Agents Plugin < 852.v8d35f0960a_43 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-32987 HIGH
Jenkins Reverse Proxy Auth Plugin < 1.7.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-32980 MEDIUM
Jenkins Email Extension Plugin < 2.96 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-32978 MEDIUM
Jenkins LDAP Plugin < 673.v034ec70ec2b_b - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-0763 MEDIUM
Clock In Portal- Staff & Attendance Management < 2.1 - Cross-Site Request Forgery via Holiday Deletion
CVSS 4.3
CVE-2023-28361 MEDIUM
UniFi OS < 3.0.13 - Cross-Site WebSocket Hijacking
CVSS 6.5
CVE-2023-2444 HIGH
Rockwell Automation FactoryTalk VantagePoint < 8.40 - Cross-Site Request Forgery
CVSS 7.1
CVE-2023-27889 HIGH
LIQUID SPEECH BALLOON < 1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-25832 HIGH
Esri Portal for ArcGIS < 11.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-0522 MEDIUM
Enable/Disable Auto Login when Register < 1.1.0 - Cross-Site Request Forgery in Settings Update
CVSS 6.5
CVE-2023-2552 HIGH
bumsys < 2.1.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-1965 MEDIUM
GitLab EE <15.9.6, <15.10.5, <15.11.1 - Open Redirect
CVSS 6.8
CVE-2023-25967 MEDIUM
PeepSo Community by PeepSo <= 6.0.2.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23790 HIGH
Pods Framework Team Pods - Custom Content Types and Fields <= 2.9.10.2 - Cross-Site Request Forgery
CVSS 7.1
CVE-2023-22691 MEDIUM
Category Specific RSS feed Subscription <= v2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-2474 MEDIUM
Rebuild 3.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-29815 HIGH
mccms v2.6.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-2307 MEDIUM
Qwik < 0.104.0 - Cross-Site Request Forgery
CVSS 4.7
CVE-2023-26841 MEDIUM
ChurchCRM 4.5.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-26840 MEDIUM
ChurchCRM 4.5.3 - Cross-Site Request Forgery
CVSS 5.3
CVE-2023-26839 MEDIUM
ChurchCRM 4.5.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-1414 MEDIUM
WP VR <8.3.0 - CSRF
CVSS 4.3
CVE-2023-31061 HIGH
Repetier Server < 1.4.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-23879 MEDIUM
Nicolas Zeh PHP Execution <= 1.0.0 - CSRF
CVSS 4.3