CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-41474 MEDIUM
RPCMS v3.0.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-34020 HIGH
ResIOT ResIOT IOT Platform + LoRaWAN Network Server <4.1.1000114 - ...
CVSS 8.8
CVE-2022-42087 MEDIUM
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-42086 MEDIUM
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 - Cross-Site Request Forgery via TendaAteMode
CVSS 6.5
CVE-2022-42078 MEDIUM
Tenda AC1206 Firmware US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 - Cross-Site Request Forgery via fromSysToolRestoreSet
CVSS 6.5
CVE-2022-42077 MEDIUM
Tenda AC1206 Firmware US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-38086 MEDIUM
Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-32175 MEDIUM
AdGuardHome 0.95-0.108.0-b.13 - Cross-Site Request Forgery in Custom Filtering Rules
CVSS 5.4
CVE-2022-40180 MEDIUM
Siemens Desigo PXM and PXG3 - Cross-Site Request Forgery in Import Files Functionality
CVSS 5.3
CVE-2022-40179 HIGH
Siemens Desigo PXM and PXG3 - Cross-Site Request Forgery in Operation Web Application
CVSS 8.1
CVE-2022-3208 MEDIUM
Simple File List < 4.4.12 - Cross-Site Request Forgery via Missing Nonce Check
CVSS 6.5
CVE-2022-3154 HIGH
Woo Billingo Plus < 4.4.5.4 - Cross-Site Request Forgery in AJAX Actions
CVSS 7.1
CVE-2022-2350 MEDIUM
Disable User Login < 1.0.1 - Unauthenticated Missing Authorization
CVSS 5.3
CVE-2022-22493 HIGH
IBM WebSphere Automation <1.4.2 - CSRF
CVSS 8.8
CVE-2022-2986 HIGH
Moodle 3.11.0-3.11.8 - Cross-Site Request Forgery via H5P Library Toggle
CVSS 8.8
CVE-2022-2783 MEDIUM
Octopus Server 3.12.0-2022.1.3154 - Cross-Site Request Forgery via Session Cookie
CVSS 5.3
CVE-2022-2839 MEDIUM
Zephyr Project Manager WordPress <3.2.55 - CSRF, XSS
CVSS 5.4
CVE-2022-39268 HIGH
orchest 2022.03.7-2022.09.9 - Cross-Site Request Forgery
CVSS 8.1
CVE-2022-3057 MEDIUM
Google Chrome <105.0.5195.52 - Info Disclosure
CVSS 6.5
CVE-2022-3119 HIGH
OAuth client Single Sign On WordPress plugin < 3.0.4 - Unauthenticated Settings Update and OAuth Endpoint Hijack
CVSS 7.5
CVE-2022-3098 MEDIUM
Login Block IPs < 1.0.0 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-3025 MEDIUM
Bitcoin / Altcoin Faucet WordPress <1.6.0 - CSRF & XSS
CVSS 5.4
CVE-2022-3024 MEDIUM
Simple Bitcoin Faucets <1.7.0 - CSRF & XSS
CVSS 5.4
CVE-2022-2987 HIGH
Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update and Authentication Bypass
CVSS 7.5
CVE-2022-2405 MEDIUM
WP Popup Builder < 1.2.9 - Authenticated Arbitrary Popup Deletion via Missing Authorization
CVSS 4.3