CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-31631 HIGH
b2evolution CMS 7.2.3 - Cross-Site Request Forgery via User Login Page
CVSS 8.8
CVE-2021-35242 HIGH
SolarWinds Serv-U < 15.2.5 - Cross-Site Request Forgery via Session Token
CVSS 8.3
CVE-2021-24914 HIGH
Tawk.To Live Chat WordPress Plugin < 0.6.0 - Authenticated Missing Authorization via AJAX Actions
CVSS 8.0
CVE-2021-4005 MEDIUM
firefly-iii < 5.6.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-29756 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 - Cross-Site Request Forgery in My Inbox Page
CVSS 8.8
CVE-2021-3944 MEDIUM
BookStack < 21.11 - Cross-Site Request Forgery
CVSS 6.8
CVE-2021-44227 HIGH
GNU Mailman < 2.1.38 - Cross-Site Request Forgery via Admin Request
CVSS 8.8
CVE-2021-43137 HIGH
Hostel Management System 2.1 - XSS, CSRF
CVSS 8.8
CVE-2021-4017 HIGH
showdoc < 2.9.13 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-4015 MEDIUM
firefly-iii < 5.6.4 and grumpydictator/firefly-iii < 5.6.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-3993 MEDIUM
showdoc < 2.9.13 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20860 HIGH
ELECOM LAN Routers - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-20851 HIGH
Browser and Operating System Finder <1.2 - CSRF
CVSS 8.8
CVE-2021-42364 HIGH
Stetic < 1.0.6 - Cross-Site Request Forgery via stats_page Function
CVSS 8.8
CVE-2021-42358 HIGH
Contact Form With Captcha < 1.6.2 - Cross-Site Request Forgery via Form Submission
CVSS 8.8
CVE-2021-24822 MEDIUM
Stylish Cost Calculator WordPress <7.0.4 - CSRF
CVSS 5.4
CVE-2021-24749 MEDIUM
URL Shortify < 1.5.1 - Cross-Site Request Forgery via Bulk Delete Action
CVSS 4.3
CVE-2021-43777 MEDIUM
Redash < 10.0.0 - Open Redirect via Google Login State Parameter
CVSS 6.8
CVE-2021-20846 HIGH
Push Notifications for WordPress (Lite) <6.0.1 - CSRF
CVSS 8.8
CVE-2021-20845 HIGH
Unlimited Sitemap Generator <v8.2 - CSRF
CVSS 8.8
CVE-2021-20842 MEDIUM
EC-CUBE 2.11.0-2.17.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-24703 MEDIUM
WordPress Download Plugin <1.6.1 - CSRF
CVSS 5.7
CVE-2021-24668 MEDIUM
MAZ Loader < 1.4.1 - Cross-Site Request Forgery via Nonce Check Bypass
CVSS 4.3
CVE-2021-24641 HIGH
Images to WebP < 1.9 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-43559 HIGH
Moodle < 3.8.8, 3.9-3.9.10, 3.10-3.10.7, 3.11-3.11.3 - Cross-Site Request Forgery via Badge Deletion
CVSS 8.8