CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-34358 MEDIUM
QmailAgent < 3.0.2 - Cross-Site Request Forgery
CVSS 6.8
CVE-2021-39198 MEDIUM
Oroinc Client Relationship Management < 3.1.24 - CSRF
CVSS 4.2
CVE-2021-44036 HIGH
Team Password Manager < 10.135.236 - Cross-Site Request Forgery during Import
CVSS 8.8
CVE-2021-39353 HIGH
Easy Registration Forms <= 2.1.1 - Cross-Site Request Forgery via ajax_add_form Function
CVSS 8.8
CVE-2021-3963 MEDIUM
Kimai2 < 1.16.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-3957 MEDIUM
Kimai2 < 1.16.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-3976 MEDIUM
Kimai2 < 1.16.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-36908 HIGH
WP Reset PRO < 5.98 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-41275 CRITICAL
spree_auth_devise < 4.0.1, 4.3.0-4.4.1 - Cross-Site Request Forgery
CVSS 9.3
CVE-2021-41274 CRITICAL
solidus_auth_devise 1.0.0-2.5.3 - Cross-Site Request Forgery
CVSS 9.3
CVE-2021-41273 MEDIUM
Pterodactyl Panel < 1.6.6 - Cross-Site Request Forgery via Test Email and Auto-Deployment Token Endpoints
CVSS 4.3
CVE-2021-24853 MEDIUM
QR Redirector < 1.6 - Authenticated Improper Access Control via qr_save_bulk AJAX Action
CVSS 4.3
CVE-2021-24852 MEDIUM
MouseWheel Smooth Scroll <5.7 - CSRF
CVSS 6.5
CVE-2021-24804 HIGH
Simple JWT Login WordPress <3.2.1 - Privilege Escalation
CVSS 8.8
CVE-2021-24802 MEDIUM
Colorful Categories WP <2.0.15 - CSRF
CVSS 6.5
CVE-2021-24776 MEDIUM
WP Performance Score Booster <2.1 - CSRF
CVSS 4.3
CVE-2021-25965 HIGH
calibre-web 0.6.0-0.6.13 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-25976 HIGH
PiranhaCMS 4.0.0-alpha1-9.2.0 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-3776 MEDIUM
showdoc < 2.9.12 and >= 0 < 2.9.13 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-3775 MEDIUM
showdoc < 2.9.12 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-3683 MEDIUM
showdoc < 2.9.12 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-3932 MEDIUM
twill < 2.5.2 and < 1.2.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-3931 MEDIUM
snipe-it < 5.3.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-3921 MEDIUM
firefly-iii < 5.6.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-41426 HIGH
Beeline Smart Box Firmware 2.0.38 - Cross-Site Request Forgery via mgt_end_user.htm
CVSS 8.8