CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-36916
HIGH
Jenkins Google Cloud Backup Plugin < 0.6 - Cross-Site Request Forgery
CVSS 8.0
CVE-2022-36911
MEDIUM
Jenkins Openstack Heat Plugin < 1.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-36908
MEDIUM
Jenkins OpenShift Deployer Plugin < 1.2.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-36906
MEDIUM
Jenkins OpenShift Deployer Plugin < 1.2.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-36887
MEDIUM
Jenkins Job Configuration History Plugin < 1155.v28a_46a_cc06a_5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-36886
MEDIUM
Jenkins External Monitor Job Type Plugin < 191.v363d0d1efdf8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-36882
HIGH
Jenkins Git Plugin < 4.11.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-35286
HIGH
IBM Security Verify Information Queue 10.0.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-22686
MEDIUM
Synology Calendar < 2.3.4-0631 - Authenticated Cross-Site Request Forgery in WebAPI Component
CVSS 6.5
CVE-2022-35285
HIGH
IBM Security Verify Information Queue 10.0.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-2071
MEDIUM
Name Directory < 1.25.4 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Name Import
CVSS 6.1
CVE-2022-29495
MEDIUM
Sygnoos Popup Builder <= 4.1.11 - Cross-Site Request Forgery Leading to Plugin Settings Update
CVSS 5.4
CVE-2022-30337
MEDIUM
JoomUnited WP Meta SEO <= 4.4.8 - Cross-Site Request Forgery in Social Settings Update
CVSS 5.4
CVE-2022-32289
MEDIUM
Sygnoos Popup Builder <= 4.1.0 - Cross-Site Request Forgery Leading to Popup Status Change
CVSS 5.4
CVE-2022-34367
MEDIUM
Dell EMC Data Protection Central 19.1-19.6 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-20861
CRITICAL
Cisco Nexus Dashboard 1.1-2.2(1e) - Unauthenticated Remote Code Execution and Arbitrary File Read/Write
CVSS 9.8
CVE-2022-29454
LOW
WordPlus Better Messages <= 1.9.9.148 - Cross-Site Request Forgery via File Upload
CVSS 3.1
CVE-2022-22359
MEDIUM
IBM Sterling Partner Engagement Manager <6.1.2, 6.2, 22.2 - CSRF
CVSS 6.5
CVE-2022-2443
HIGH
FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery via FreemindOptions() Function
CVSS 8.8
CVE-2022-2435
HIGH
AnyMind Widget < 1.1 - Cross-Site Request Forgery via createDOMStructure() Function
CVSS 8.8
CVE-2022-2224
MEDIUM
Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery via gifeed_duplicate_feed Function
CVSS 5.4
CVE-2022-2223
MEDIUM
ghozylab Image Slider <= 1.1.121 - Cross-Site Request Forgery via ewic_duplicate_slider Function
CVSS 5.4
CVE-2022-2039
HIGH
Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery via livesupporti_settings()
CVSS 8.8
CVE-2022-2001
HIGH
DX Share Selection <= 1.4 - Cross-Site Request Forgery via dxss_admin_page()
CVSS 8.8
CVE-2022-1912
HIGH
Button Widget Smartsoft <1.0.1 - CSRF
CVSS 8.8
Details
Vulnerabilities
9,371
Exploit Likelihood
Medium