CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-23983 MEDIUM
WP Content Copy Protection & No Right Click <3.4.4 - CSRF
CVSS 4.3
CVE-2022-0313 MEDIUM
Float menu < 4.3.1 - Cross-Site Request Forgery via Menu Deletion
CVSS 4.3
CVE-2022-0199 MEDIUM
Coming soon and Maintenance mode < 3.6.8 - Cross-Site Request Forgery via coming_soon_send_mail AJAX Action
CVSS 4.3
CVE-2022-0164 MEDIUM
Coming soon and Maintenance mode < 3.5.3 - Authenticated Arbitrary Email Sending via coming_soon_send_mail AJAX Action
CVSS 4.3
CVE-2022-0134 HIGH
AnyComment WordPress <0.2.18 - CSRF
CVSS 8.8
CVE-2022-0638 MEDIUM
Packagist microweber/microweber <1.2.11 - CSRF
CVSS 4.3
CVE-2022-25242 HIGH
FileCloud < 21.3.0.18447 - Cross-Site Request Forgery via File Upload
CVSS 8.8
CVE-2022-25241 HIGH
FileCloud < 21.3.0.18447 - Cross-Site Request Forgery via CSV User Import
CVSS 8.8
CVE-2022-25212 HIGH
Jenkins SWAMP < 1.2.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-25207 HIGH
Jenkins Chef Sinatra Plugin < 1.20 - Cross-Site Request Forgery via XML Response Parsing
CVSS 8.8
CVE-2022-25205 HIGH
Jenkins dbCharts Plugin <= 0.5.2 - Cross-Site Request Forgery via JDBC Connection
CVSS 8.8
CVE-2022-25200 HIGH
Jenkins Checkmarx Plugin < 2022.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-25198 HIGH
Jenkins SCP publisher Plugin < 1.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-25194 HIGH
Jenkins autonomiq < 1.15 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-25192 HIGH
Jenkins Snow Commander Plugin < 1.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-23384 HIGH
YzmCMS v6.3 - Cross-Site Request Forgery in Admin Add Endpoint
CVSS 8.8
CVE-2022-22811 HIGH
Schneider Electric spaceLYnk, Wiser for KNX, fellerLYnk < 2.6.2 - Cross-Site Request Forgery
CVSS 8.1
CVE-2022-22808 HIGH
Schneider-electric Hmibscea53d1edb Firmware < 4.0.0.13 - CSRF
CVSS 8.8
CVE-2022-21703 MEDIUM
Grafana 3.0.1-7.5.14 - Cross-Site Request Forgery for Privilege Escalation
CVSS 6.3
CVE-2022-0505 MEDIUM
Packagist microweber/microweber <1.2.11 - CSRF
CVSS 6.5
CVE-2022-23601 HIGH
Symfony <5.3.15 - Cross-Site Request Forgery due to Missing Default CSRF Protection
CVSS 8.1
CVE-2022-23888 HIGH
YzmCMS v6.3 - Cross-Site Request Forgery via Comment Initialization Endpoint
CVSS 8.8
CVE-2022-23887 MEDIUM
YzmCMS v6.3 - Cross-Site Request Forgery via Admin Account Deletion
CVSS 6.5
CVE-2022-0335 HIGH
Moodle < 3.8.9 and 3.11 < 3.11.5 - Cross-Site Request Forgery in Badge Alignment Deletion
CVSS 8.8
CVE-2022-0269 HIGH
yetiforce/yetiforce-crm <6.3.0 - CSRF
CVSS 8.0