CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,363 vulnerabilities with CWE-352
CVE-2022-45067 MEDIUM
Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-44585 MEDIUM
Homepage Pop-up <= 1.2.5 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-40692 MEDIUM
Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-36401 MEDIUM
TeraWallet - WooCommerce <= 1.3.24 - CSRF
CVSS 5.4
CVE-2022-32516 HIGH
Conext ComBox Firmware - Cross-Site Request Forgery via POST Request
CVSS 7.5
CVE-2022-4872 MEDIUM
Chained Products < 2.12.0 - Unauthenticated Missing Authorization
CVSS 4.3
CVE-2022-4553 MEDIUM
FL3R FeelBox < 8.1 - Cross-Site Request Forgery via Mood Reset Action
CVSS 4.3
CVE-2022-4552 MEDIUM
FL3R FeelBox < 8.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 6.1
CVE-2022-43980 MEDIUM
Pandora FMS < 766 - Stored Cross-Site Scripting in Network Maps Editing
CVSS 5.2
CVE-2022-37719 HIGH
EdgeNexus Application Delivery Controller 4.2.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-4548 MEDIUM
Optimize images ALT Text & names for SEO using AI < 2.0.8 - Cross-Site Request Forgery in Settings Update
CVSS 6.5
CVE-2022-47395 HIGH
Sewio Real-Time Location System Studio 2.0.0-2.6.2 - Cross-Site Request Forgery in Monitor Services
CVSS 8.1
CVE-2022-45127 HIGH
Sewio Real-Time Location System Studio 2.0.0-2.6.2 - Cross-Site Request Forgery in Backup Services
CVSS 8.1
CVE-2022-4621 HIGH
Panasonic Sanyo CCTV Network Cameras - CSRF
CVSS 7.5
CVE-2022-30544 MEDIUM
MiKa OSM - OpenStreetMap <= 6.0.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-43719 HIGH
Apache Superset < 1.5.2 and 2.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-46368 MEDIUM
Rumpus < 9.0.7.1 - Cross-Site Request Forgery
CVSS 6.8
CVE-2022-46367 MEDIUM
Rumpus - CSRF - Privilege Escalation
CVSS 6.8
CVE-2022-4707 MEDIUM
Royal Elementor Addons < 1.3.59 - Cross-Site Request Forgery via Mega Menu Template Creation
CVSS 4.3
CVE-2022-4103 MEDIUM
Royal Elementor Addons < 1.3.56 - Authenticated Missing Authorization for Template Creation
CVSS 4.3
CVE-2022-4102 LOW
Royal Elementor Addons < 1.3.56 - Authenticated Arbitrary Post Deletion via Template Deletion
CVSS 3.1
CVE-2022-42435 MEDIUM
IBM Business Automation Workflow 18.0.0-22.0.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-3911 HIGH
iubenda-cookie-law-solution < 3.3.3 - Authenticated Privilege Escalation via AJAX Action
CVSS 8.8
CVE-2022-4867 MEDIUM
froxlor/froxlor <2.0.0-beta1 - CSRF
CVSS 4.3
CVE-2022-4850 MEDIUM
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 6.5