CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-27632 HIGH
Meikyo Rebooter, PoE Rebooter, Scheduler, and Contact Converter - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-29436 MEDIUM
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery Leading to Persistent Cross-Site Scripting
CVSS 4.7
CVE-2022-29435 MEDIUM
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-29429 HIGH
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery Leading to Remote Code Execution
CVSS 8.8
CVE-2022-30972 HIGH
Jenkins Storable Configs Plugin <1.0 - CSRF
CVSS 8.8
CVE-2022-30969 HIGH
Jenkins Autocomplete Parameter Plugin <1.1 - CSRF
CVSS 8.8
CVE-2022-30958 HIGH
Jenkins SSH Plugin < 2.6.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-30953 MEDIUM
Jenkins Blue Ocean Plugin <1.25.3 - CSRF
CVSS 6.5
CVE-2022-30946 MEDIUM
Jenkins Script Security Plugin <1158.v7c1b_73a_69a_08 - CSRF
CVSS 4.3
CVE-2022-1418 MEDIUM
Social Stickers < 2.2.9 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2022-1407 MEDIUM
VikBooking < 1.5.8 - CSRF and Stored XSS via Tracking Campaign
CVSS 6.5
CVE-2022-1389 LOW
F5 BIG-IP 11.6.x-16.1.x - Cross-Site Request Forgery in Configuration Utility
CVSS 3.1
CVE-2022-25778 MEDIUM
Secomea GateManager 4250/4260/8250/9250 Firmware < 9.7.622134021 - Cross-Site Request Forgery
CVSS 4.2
CVE-2022-0916 HIGH
Logitech Options < 9.60.87 - Cross-Site Request Forgery via OAuth State Parameter
CVSS 8.4
CVE-2022-0952 HIGH
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Option Update via REST Endpoint
CVSS 8.8
CVE-2022-0191 MEDIUM
Ad Invalid Click Protector < 1.2.7 - Cross-Site Request Forgery in Ban Deletion
CVSS 6.5
CVE-2022-23904 HIGH
Rainworx Auctionworx < 3.1R2 - CSRF
CVSS 8.0
CVE-2022-29451 HIGH
Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery Leading to Arbitrary File Upload
CVSS 8.8
CVE-2022-29414 MEDIUM
WPKube Subscribe To Comments Reloaded <= 211130 - CSRF
CVSS 5.4
CVE-2022-29905 MEDIUM
MediaWiki FanBoxes < 1.37.2 - Cross-Site Request Forgery via Special:UserBoxes
CVSS 4.3
CVE-2022-29903 MEDIUM
MediaWiki Private Domains Extension < 1.37.2 - Cross-Site Request Forgery via Special:PrivateDomains
CVSS 4.3
CVE-2022-29555 HIGH
Northern.tech Mender 2.6.0-3.2.2 - Cross-Site Request Forgery in Deviceconnect Microservice
CVSS 8.8
CVE-2022-29413 MEDIUM
Mufeng Hermit <= 3.1.6 - Cross-Site Request Forgery Leading to Stored Cross-Site Scripting via Title Parameter
CVSS 4.7
CVE-2022-29412 MEDIUM
Hermit <= 3.1.6 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-28892 HIGH
Mahara < 20.10.5, 21.04.4, 21.10.2, and 22.04.0 - Cross-Site Request Forgery via Weak Token Generation
CVSS 8.8