CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-0215 HIGH
XootiX Login/Signup Popup <= 2.2, Side Cart Woocommerce <= 2.0, Waitlist Woocommerce <= 2.5.1 - CSRF via save_settings
CVSS 8.8
CVE-2022-0154 HIGH
GitLab <14.4.5, <14.5.3, <14.6.2 - CSRF
CVSS 7.5
CVE-2022-0245 MEDIUM
GitHub livehelperchat/livehelperchat <2.0 - CSRF
CVSS 4.3
CVE-2022-0180 HIGH
Quiz And Survey Master <7.3.7 - CSRF
CVSS 8.8
CVE-2022-0238 MEDIUM
phoronix_test_suite < 10.8.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-0226 MEDIUM
live_helper_chat < 2.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-0231 MEDIUM
live_helper_chat < 3.91 and remdex/livehelperchat < 3.92 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-0197 HIGH
phoronix_test_suite < 10.8.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-0196 HIGH
phoronix_test_suite < 10.8.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-23115 MEDIUM
Jenkins batch task < 1.19 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-23111 MEDIUM
Jenkins Publish Over SSH Plugin < 1.22 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-20619 HIGH
Jenkins Bitbucket Branch Source Plugin <737.vdf9dc06105be - CSRF
CVSS 7.1
CVE-2022-20613 MEDIUM
Jenkins Mailer Plugin <391.ve4a_38c1b_cf4b - CSRF
CVSS 4.3
CVE-2022-20612 MEDIUM
Jenkins < 2.319.1 and 2.320-2.329 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-47976 HIGH
TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload
CVSS 8.8
CVE-2021-47953 MEDIUM
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password
CVSS 4.3
CVE-2021-47946 MEDIUM
OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery
CVSS 5.3
CVE-2021-35486 HIGH
Nokia IMPACT <= 19.11.2.10-20210118042150283 - Cross-Site Request Forgery via Unvalidated CSRF-NONCE
CVSS 8.1
CVE-2021-47860 MEDIUM
GetSimple CMS Custom JS Plugin 0.1 - CSRF leading to XSS and RCE
CVSS 5.3
CVE-2021-47830 MEDIUM
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
CVSS 6.5
CVE-2021-47820 MEDIUM
Ubee EVW327 - Cross-Site Request Forgery to Enable Remote Access
CVSS 5.3
CVE-2021-47800 MEDIUM
b2evolution 7.2.2 - Cross-Site Request Forgery in Admin Account Details
CVSS 5.3
CVE-2021-47754 MEDIUM
Arunna 1.0.0 - Cross-Site Request Forgery via Profile Settings Form
CVSS 6.5
CVE-2021-41074 MEDIUM
QloApps hotel eCommerce 1.5.1 - CSRF
CVSS 5.4
CVE-2021-47722 LOW
Zucchetti Axess CLOKI Access Control 1.64 - CSRF
CVSS 3.5