CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-45668 MEDIUM
Tenda i22 V1.0.0.3(4687) - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-45667 MEDIUM
Tenda i22 V1.0.0.3(4687) - Cross-Site Request Forgery via fromSysToolRestoreSet
CVSS 6.5
CVE-2022-45674 MEDIUM
Tenda AC6V1.0 V15.03.05.19 - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-45673 MEDIUM
Tenda AC6V1.0 V15.03.05.19 - Cross-Site Request Forgery via fromSysToolRestoreSet
CVSS 6.5
CVE-2022-41297 MEDIUM
IBM Db2U 3.5-4.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-40489 HIGH
ThinkCMF < 6.0.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-26366 MEDIUM
AdRotate Banner Manager Plugin <= 5.9 - CSRF
CVSS 5.4
CVE-2022-41413 MEDIUM
perfSONAR 4.0-4.4.5 - Cross-Site Request Forgery via Search Function
CVSS 4.3
CVE-2022-3898 HIGH
WP Affiliate Platform <6.3.9 - CSRF
CVSS 8.8
CVE-2022-3747 HIGH
Becustom <= 1.0.5.2 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2022-44937 MEDIUM
Bosscms v2.0.0 - Cross-Site Request Forgery via Administrator List Add Function
CVSS 6.5
CVE-2022-34654 MEDIUM
Manage Notification E-mails < 1.8.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-23044 HIGH
Tiny File Manager 2.4.8 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2022-4090 MEDIUM
rickxy Stock Management System - CSRF
CVSS 4.3
CVE-2022-41927 HIGH
XWiki Platform 3.2-13.10.6 - Cross-Site Request Forgery in Tag Management
CVSS 7.4
CVE-2022-41925 HIGH
Tailscale < 1.32.3 - Cross-Site Request Forgery via DNS Rebinding
CVSS 8.8
CVE-2022-41924 CRITICAL
Tailscale < 1.32.3 - Remote Code Execution via Local API Host Header Spoofing
CVSS 9.6
CVE-2022-45149 MEDIUM
Moodle 3.9.0-3.9.17 - Cross-Site Request Forgery via Course Redirect URL
CVSS 5.4
CVE-2022-41919 MEDIUM
fastify 3.0.0-3.29.3 and 4.0.0-4.10.1 - Cross-Site Request Forgery via Incorrect Content-Type Bypass
CVSS 4.2
CVE-2022-44737 MEDIUM
All-In-One Security (AIOS) - Security and Firewall < 5.1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-3750 MEDIUM
inkthemes ask_me < 6.8.7 - Cross-Site Request Forgery
CVSS 4.7
CVE-2022-45073 MEDIUM
WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-44740 MEDIUM
Creative Mail by Constant Contact <= 1.5.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-41685 MEDIUM
Szamlazz.hu & WooCommerce <=5.6.3.2 - CSRF
CVSS 5.4
CVE-2022-41634 MEDIUM
Media Library Folders <7.1.1 - CSRF
CVSS 5.4