CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-29050 HIGH
Jenkins Publish Over FTP Plugin <1.16 - CSRF
CVSS 8.8
CVE-2022-29048 MEDIUM
Jenkins Subversion Plugin <2.15.3 - CSRF
CVSS 4.3
CVE-2022-0141 HIGH
Visual Form Builder < 3.0.6 - Cross-Site Request Forgery via Missing Nonce Check
CVSS 8.1
CVE-2022-25754 HIGH
SCALANCE X302-7 EEC Firmware < 4.1.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-25615 MEDIUM
StylemixThemes eRoom - Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery Leading to Cache Deletion
CVSS 4.3
CVE-2022-25614 MEDIUM
StylemixThemes eRoom - Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery Leading to Sync with Zoom Meetings
CVSS 4.3
CVE-2022-0914 MEDIUM
Export All URLs < 4.3 - Cross-Site Request Forgery via Data Export
CVSS 6.5
CVE-2022-26588 MEDIUM
IceHrm 31.0.0.OS - Cross-Site Request Forgery via Delete User Endpoint
CVSS 6.5
CVE-2022-26180 HIGH
qdPM 9.2 - Cross-Site Request Forgery via My Account Update Endpoint
CVSS 8.8
CVE-2022-20774 MEDIUM
Cisco IP Phone 6800, 7800, and 8800 Series Multiplatform Firmware < 11.3.5 - Cross-Site Request Forgery
CVSS 6.8
CVE-2022-0830 MEDIUM
FormBuilder WordPress Plugin <= 1.08 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.5
CVE-2022-0088 HIGH
YOURLS < 1.8.3 - Cross-Site Request Forgery
CVSS 7.4
CVE-2022-27432 HIGH
Pluck CMS 4.7.15 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-28152 MEDIUM
Jenkins Job and Node Ownership Plugin < 0.13.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-28150 HIGH
Jenkins Job and Node Ownership Plugin < 0.13.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-28143 MEDIUM
Jenkins Proxmox Plugin < 0.7.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-28138 MEDIUM
Jenkins RocketChat Notifier Plugin < 1.4.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-28136 HIGH
Jenkins JiraTestResultReporter < 165.v817928553942 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-0427 HIGH
GitLab 14.5-14.5.4 - Cross-Site Request Forgery via Jupyter Notebook HTML Attribute
CVSS 7.7
CVE-2022-0833 MEDIUM
Church Admin WordPress Plugin < 3.4.135 - Unauthenticated Missing Authorization and CSRF via Refresh-Backup Action
CVSS 4.3
CVE-2022-0770 HIGH
Translate WordPress with GTranslate <2.9.9 - CSRF
CVSS 8.8
CVE-2022-0499 HIGH
Sermon Browser < 0.45.22 - Unauthenticated Arbitrary File Upload via CSRF
CVSS 8.8
CVE-2022-25523 HIGH
Typesetter - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-25576 MEDIUM
Anchor CMS 0.12.7 - Cross-Site Request Forgery via Posts Route
CVSS 4.5
CVE-2022-25268 HIGH
Passwork < 4.6.13 - Cross-Site Request Forgery via Groups, Password, and History Subsystems
CVSS 8.8