CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally made by the user who sent it, so the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-1251 MEDIUM
Ask me WordPress theme < 6.8.4 - Cross-Site Request Forgery via Edit Profile Page
CVSS 4.3
CVE-2022-36579 HIGH
Wellcms 2.2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-36577 HIGH
jizhicms v2.3.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-36225 HIGH
EyouCMS V1.5.8-UTF8-SP1 - Cross-Site Request Forgery via Background Column Management
CVSS 8.8
CVE-2022-36224 HIGH
XunRuiCMS V4.5.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-23765 HIGH
IPTIME NAS Dual Firmware < 1.4.86 - Cross-Site Request Forgery via Password Change
CVSS 8.0
CVE-2022-2846 MEDIUM
Calendar Event Multi View WP <1.4.07 - XSS
CVSS 4.3
CVE-2022-36312 HIGH
Airspan AirVelocity <15.18.00.2511 - CSRF
CVSS 8.8
CVE-2022-38359 HIGH
Eyes of Network Web - Cross-Site Request Forgery via Admin User Deletion
CVSS 8.8
CVE-2022-2381 HIGH
E Unlocked - Student Result <1.0.4 - CSRF
CVSS 8.8
CVE-2022-35943 MEDIUM
CodeIgniter Shield <1.0.0-beta.2 - Cross-Site Request Forgery Bypass via SameSite Attack
CVSS 5.9
CVE-2022-37043 MEDIUM
Zimbra Collaboration Suite 8.8.15 and 9.0 - Cross-Site Request Forgery via Preauth POST Endpoints
CVSS 5.7
CVE-2022-2355 MEDIUM
Easy Username Updater <1.0.5 - CSRF
CVSS 6.5
CVE-2022-33201 MEDIUM
MailerLite - Signup forms (official) <= 1.5.7 - Cross-Site Request Forgery
CVSS 6.3
CVE-2022-34158 HIGH
Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via Image Plugin
CVSS 8.8
CVE-2022-28731 MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via UserPreferences.jsp
CVSS 6.5
CVE-2022-34937 HIGH
Yuba U5cms - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-36968 MEDIUM
Progress WS_FTP Server < 8.7.3 - Cross-Site Request Forgery in Administrative Interface
CVSS 4.3
CVE-2022-34161 HIGH
IBM CICS TX 11.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-2260 MEDIUM
GiveWP < 2.21.3 - Cross-Site Request Forgery via Data Export Function
CVSS 6.5
CVE-2022-2245 HIGH
Counter Box < 1.2.1 - Cross-Site Request Forgery via Counter Activation/Deactivation
CVSS 8.8
CVE-2022-2184 HIGH
CAPTCHA 4WP < 7.1.0 - Remote Code Execution via Admin Template Require Once
CVSS 8.8
CVE-2022-2171 MEDIUM
Progressive License WordPress <1.1.0 - CSRF & XSS
CVSS 5.4
CVE-2022-26309 LOW
Pandora FMS < 7.0_ng_759 - Cross-Site Request Forgery in Bulk User Operation
CVSS 3.7
CVE-2022-36920 HIGH
Jenkins Coverity Plugin < 1.11.4 - Cross-Site Request Forgery
CVSS 8.8