CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2021-40518
MEDIUM
Airangel HSMX Gateway <5.2.04 - CSRF
CVSS 6.5
CVE-2021-41372
HIGH
Power BI Report Server - Stored Cross-Site Scripting and Cross-Site Request Forgery via Malicious PBIX Template Upload
CVSS 7.6
CVE-2021-24832
MEDIUM
WP SEO Redirect 301 < 2.3.2 - Cross-Site Request Forgery via Redirect Deletion
CVSS 4.3
CVE-2021-24806
MEDIUM
wpDiscuz < 7.3.4 - Cross-Site Request Forgery in Comment Management
CVSS 4.3
CVE-2021-24801
MEDIUM
WP Survey Plus < 1.0 - Unauthenticated Survey Manipulation and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-24767
MEDIUM
Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Cross-Site Request Forgery via Log Deletion
CVSS 6.5
CVE-2021-24766
MEDIUM
404 to 301 < 3.0.9 - Cross-Site Request Forgery via Log Cleaning
CVSS 6.5
CVE-2021-24674
MEDIUM
Genie WP Favicon < 0.5.2 - Cross-Site Request Forgery via Favicon Update
CVSS 6.5
CVE-2021-24626
HIGH
Chameleon CSS < 1.2 - Authenticated Cross-Site Request Forgery and SQL Injection via AJAX Calls
CVSS 8.8
CVE-2021-34773
MEDIUM
Cisco Unified Communications Manager - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-29888
HIGH
IBM InfoSphere Information Server 11.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24809
HIGH
BP Better Messages <1.9.9.41 - CSRF
CVSS 8.8
CVE-2021-24799
MEDIUM
Far Future Expiry Header < 1.5 - Cross-Site Request Forgery via Settings Save
CVSS 4.3
CVE-2021-24685
MEDIUM
Flat Preloader WordPress <1.5.4 - XSS
CVSS 5.4
CVE-2021-24572
MEDIUM
Accept Donations with PayPal < 1.3.1 - Cross-Site Request Forgery via Unprotected Button Deletion
CVSS 4.3
CVE-2021-24570
MEDIUM
Accept Donations with PayPal < 1.3.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-3901
HIGH
firefly-iii < 5.6.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-3900
MEDIUM
firefly-iii < 5.6.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-41176
MEDIUM
Pterodactyl Panel < 1.6.3 - Cross-Site Request Forgery via Sign-Out Endpoint
CVSS 4.3
CVE-2021-24884
CRITICAL
Formidable Form Builder <4.09.05 - HTML Injection
CVSS 9.6
CVE-2021-24779
MEDIUM
WP Debugging < 2.11.0 - Unauthenticated Settings Update via Missing Authorization
CVSS 6.5
CVE-2021-24543
MEDIUM
jquery-reply-to-comment < 1.31 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24487
HIGH
St-Daily-Tip < 4.7 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Default Text Setting
CVSS 8.8
CVE-2021-20120
HIGH
Arris Surfboard SB8200 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39126
MEDIUM
Atlassian Jira Server/Data Center <8.5.10, 8.6.0-8.13.1 CSRF via Referrer Header
CVSS 6.5
Details
Vulnerabilities: 9,374
Exploit Likelihood: Medium