CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,357 vulnerabilities with CWE-352
CVE-2023-22686 MEDIUM
TriniTronic Nice PayPal Button Lite <= 1.3.5 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-29020 MEDIUM
fastify/passport < 1.1.0 - Cross-Site Request Forgery Protection Bypass via Session Fixation
CVSS 6.5
CVE-2023-2228 MEDIUM
modoboa < 2.1.0 - Cross-Site Request Forgery
CVSS 6.8
CVE-2023-30616 MEDIUM
Form Block < 1.0.2 - Cross-Site Request Forgery via Missing Nonce Check
CVSS 6.5
CVE-2023-27495 MEDIUM
@fastify/csrf-protection < 4.1.0 - CSRF Protection Bypass via Predictable userInfo Parameter
CVSS 5.3
CVE-2023-29213 CRITICAL
XWiki Platform < 13.10.11 - Authenticated Remote Code Execution via URL Expression Injection
CVSS 9.0
CVE-2023-30474 MEDIUM
Ultimate Noindex Nofollow Tool II <= 1.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-30529 MEDIUM
Jenkins Lucene-Search Plugin < 387.v938a_ecb_f7fe9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-30525 HIGH
Jenkins Report Portal Plugin < 0.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-25411 MEDIUM
Aten PE8108 2.4.232 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-26845 MEDIUM
OpenCATS 0.9.7 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-27520 MEDIUM
Epson Printers Web Config - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-1937 MEDIUM
My-Blog - Cross-Site Request Forgery via /admin/configurations/userInfo
CVSS 4.3
CVE-2023-1927 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via deleteCssAndJsCacheToolbar
CVSS 4.3
CVE-2023-1926 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via deleteCacheToolbar Function
CVSS 4.3
CVE-2023-1925 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via Cache Clear Function
CVSS 4.3
CVE-2023-1924 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via wpfc_toolbar_save_settings_callback
CVSS 4.3
CVE-2023-1923 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via CDN Integration AJAX Request
CVSS 4.3
CVE-2023-1922 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via wpfc_pause_cdn_integration_ajax_request_callback
CVSS 4.3
CVE-2023-1921 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via CDN Integration
CVSS 4.3
CVE-2023-1920 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via Varnish Cache Purge
CVSS 4.3
CVE-2023-1919 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via wpfc_preload_single_save_settings_callback
CVSS 4.3
CVE-2023-1918 MEDIUM
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via wpfc_preload_single_callback
CVSS 4.3
CVE-2023-29008 HIGH
SvelteKit < 1.15.2 - Cross-Site Request Forgery via Uppercase Content-Type Header Bypass
CVSS 8.8
CVE-2023-23801 MEDIUM
HasThemes Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery
CVSS 4.3