CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,363 vulnerabilities with CWE-352
CVE-2023-23847 LOW
Synopsys Jenkins Coverity Plugin <3.0.2 - CSRF
CVSS 3.5
CVE-2023-23465 CRITICAL
Media CP Media Control Panel - Cross-Site Request Forgery
CVSS 9.1
CVE-2023-25767 HIGH
Jenkins Azure Credentials Plugin < 254.v64da_8176c83a - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-22942 MEDIUM
Splunk 8.1.0-8.1.12 - Cross-Site Request Forgery in Splunk Secure Gateway KV Store Endpoint
CVSS 5.4
CVE-2023-25065 MEDIUM
ShapedPlugin WP Tabs < 2.1.14 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-24382 MEDIUM
Photon WP Material Design Icons <1.4.2 - CSRF
CVSS 5.4
CVE-2023-24377 MEDIUM
Ecwid Ecommerce Shopping Cart <= 6.11.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25066 MEDIUM
FV Flowplayer Video Player <= 7.5.30.7212 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22375 HIGH
Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G - CSRF
CVSS 8.8
CVE-2023-0726 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder Function
CVSS 5.4
CVE-2023-0725 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder Function
CVSS 5.4
CVE-2023-0724 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_add_folder Function
CVSS 5.4
CVE-2023-0722 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_save_state Function
CVSS 5.4
CVE-2023-0685 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders Function
CVSS 5.4
CVE-2023-0735 MEDIUM
wallabag < 2.5.4 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-0730 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order Function
CVSS 5.4
CVE-2023-0727 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder Function
CVSS 5.4
CVE-2023-0723 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_move_object Function
CVSS 5.4
CVE-2023-0728 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_save_folder Function
CVSS 5.4
CVE-2023-0674 MEDIUM
XXL-JOB 2.3.1 - Cross-Site Request Forgery in New Password Handler
CVSS 4.3
CVE-2023-0642 MEDIUM
squidex < 7.4.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-25015 MEDIUM
Clockwork Web < 0.1.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-23750 MEDIUM
Joomla! 4.0.0-4.2.6 - Cross-Site Request Forgery in Post-Installation Messages
CVSS 6.3
CVE-2023-20856 HIGH
VMware vRealize Operations 8.6.0-8.6.4 - Cross-Site Request Forgery Bypass
CVSS 8.8
CVE-2023-0554 HIGH
Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery via AJAX Action Nonce Bypass
CVSS 8.1