CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-42751 HIGH
CandidATS 3.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-3852 HIGH
VR Calendar < 2.3.3 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2022-3776 HIGH
Restaurant Menu - Food Ordering System - Table Reservation < 2.3.2 - Cross-Site Request Forgery via AJAX Actions
CVSS 8.8
CVE-2022-40291 HIGH
php_point_of_sale - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-3419 MEDIUM
Automatic User Roles Switcher < 1.1.2 - Authenticated Privilege Escalation via Missing Authorization
CVSS 6.5
CVE-2022-40488 MEDIUM
ProcessWire 3.0.200 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-43340 HIGH
dzzoffice 2.02.1_SC_UTF8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-41996 HIGH
ThemeFusion Avada <= 7.8.1 - Cross-Site Request Forgery leading to Arbitrary Plugin Installation
CVSS 8.8
CVE-2022-2762 MEDIUM
AdminPad < 2.2 - Cross-Site Request Forgery in Admin Note Update
CVSS 6.5
CVE-2022-42199 HIGH
Simple Exam Reviewer Management System 1.0 - Cross-Site Request Forgery via Exam List
CVSS 8.8
CVE-2022-43418 MEDIUM
Jenkins Katalon Plugin <1.0.33 - CSRF
CVSS 4.3
CVE-2022-43408 MEDIUM
Jenkins Pipeline: Stage View Plugin <2.26 - CSRF Bypass
CVSS 6.5
CVE-2022-43407 HIGH
Jenkins Pipeline: Input Step Plugin <451.vf1a_a_4f405289 - CSRF Bypass
CVSS 8.8
CVE-2022-41500 HIGH
EyouCMS V1.5.9 - Cross-Site Request Forgery via Members Center, Editorial Membership, and Points Recharge
CVSS 8.8
CVE-2022-3585 MEDIUM
SourceCodester Simple Cold Storage Management System 1.0 - CSRF
CVSS 4.3
CVE-2022-3582 MEDIUM
SourceCodester Simple Cold Storage Management System 1.0 - CSRF
CVSS 4.3
CVE-2022-23771 HIGH
IPTIME NAS1DUAL, NAS2DUAL, NAS4DUAL Firmware < 1.4.86 - Cross-Site Request Forgery in User Account Management
CVSS 8.0
CVE-2022-3151 MEDIUM
WP Custom Cursors < 3.0.1 - Cross-Site Request Forgery via Cursor Deletion
CVSS 4.3
CVE-2022-3149 MEDIUM
WP Custom Cursors < 3.0.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2022-3126 MEDIUM
Frontend File Manager Plugin < 21.4 - Cross-Site Request Forgery via File Upload
CVSS 4.3
CVE-2022-3082 MEDIUM
miniOrange Discord Integration <2.1.6 - CSRF
CVSS 6.5
CVE-2022-42070 HIGH
Online Birth Certificate Management System 1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-35611 MEDIUM
MQTTRoute <= 3.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-41489 HIGH
WAYOS LQ-09 22.03.17V - Cross-Site Request Forgery via Usb_upload.htm
CVSS 8.1
CVE-2022-41475 HIGH
RPCMS 3.0.2 - Cross-Site Request Forgery
CVSS 8.8