CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-27632
HIGH
Meikyo Rebooter, PoE Rebooter, Scheduler, and Contact Converter - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-29436
MEDIUM
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery Leading to Persistent Cross-Site Scripting
CVSS 4.7
CVE-2022-29435
MEDIUM
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-29429
HIGH
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery Leading to Remote Code Execution
CVSS 8.8
CVE-2022-30972
HIGH
Jenkins Storable Configs Plugin <1.0 - CSRF
CVSS 8.8
CVE-2022-30969
HIGH
Jenkins Autocomplete Parameter Plugin <1.1 - CSRF
CVSS 8.8
CVE-2022-30958
HIGH
Jenkins SSH Plugin < 2.6.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-30953
MEDIUM
Jenkins Blue Ocean Plugin <1.25.3 - CSRF
CVSS 6.5
CVE-2022-30946
MEDIUM
Jenkins Script Security Plugin <1158.v7c1b_73a_69a_08 - CSRF
CVSS 4.3
CVE-2022-1418
MEDIUM
Social Stickers < 2.2.9 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2022-1407
MEDIUM
VikBooking < 1.5.8 - CSRF and Stored XSS via Tracking Campaign
CVSS 6.5
CVE-2022-1389
LOW
F5 BIG-IP 11.6.x-16.1.x - Cross-Site Request Forgery in Configuration Utility
CVSS 3.1
CVE-2022-25778
MEDIUM
Secomea GateManager 4250/4260/8250/9250 Firmware < 9.7.622134021 - Cross-Site Request Forgery
CVSS 4.2
CVE-2022-0916
HIGH
Logitech Options < 9.60.87 - Cross-Site Request Forgery via OAuth State Parameter
CVSS 8.4
CVE-2022-0952
HIGH
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Option Update via REST Endpoint
CVSS 8.8
CVE-2022-0191
MEDIUM
Ad Invalid Click Protector < 1.2.7 - Cross-Site Request Forgery in Ban Deletion
CVSS 6.5
CVE-2022-23904
HIGH
Rainworx Auctionworx < 3.1R2 - CSRF
CVSS 8.0
CVE-2022-29451
HIGH
Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery Leading to Arbitrary File Upload
CVSS 8.8
CVE-2022-29414
MEDIUM
WPKube Subscribe To Comments Reloaded <= 211130 - CSRF
CVSS 5.4
CVE-2022-29905
MEDIUM
MediaWiki FanBoxes < 1.37.2 - Cross-Site Request Forgery via Special:UserBoxes
CVSS 4.3
CVE-2022-29903
MEDIUM
MediaWiki Private Domains Extension < 1.37.2 - Cross-Site Request Forgery via Special:PrivateDomains
CVSS 4.3
CVE-2022-29555
HIGH
Northern.tech Mender 2.6.0-3.2.2 - Cross-Site Request Forgery in Deviceconnect Microservice
CVSS 8.8
CVE-2022-29413
MEDIUM
Mufeng Hermit <= 3.1.6 - Cross-Site Request Forgery Leading to Stored Cross-Site Scripting via Title Parameter
CVSS 4.7
CVE-2022-29412
MEDIUM
Hermit <= 3.1.6 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-28892
HIGH
Mahara < 20.10.5, 21.04.4, 21.10.2, and 22.04.0 - Cross-Site Request Forgery via Weak Token Generation
CVSS 8.8