CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-40518 MEDIUM
Airangel HSMX Gateway <5.2.04 - CSRF
CVSS 6.5
CVE-2021-41372 HIGH
Power BI Report Server - Stored Cross-Site Scripting and Cross-Site Request Forgery via Malicious PBIX Template Upload
CVSS 7.6
CVE-2021-24832 MEDIUM
WP SEO Redirect 301 < 2.3.2 - Cross-Site Request Forgery via Redirect Deletion
CVSS 4.3
CVE-2021-24806 MEDIUM
wpDiscuz < 7.3.4 - Cross-Site Request Forgery in Comment Management
CVSS 4.3
CVE-2021-24801 MEDIUM
WP Survey Plus < 1.0 - Unauthenticated Survey Manipulation and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-24767 MEDIUM
Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Cross-Site Request Forgery via Log Deletion
CVSS 6.5
CVE-2021-24766 MEDIUM
404 to 301 < 3.0.9 - Cross-Site Request Forgery via Log Cleaning
CVSS 6.5
CVE-2021-24674 MEDIUM
Genie WP Favicon < 0.5.2 - Cross-Site Request Forgery via Favicon Update
CVSS 6.5
CVE-2021-24626 HIGH
Chameleon CSS < 1.2 - Authenticated Cross-Site Request Forgery and SQL Injection via AJAX Calls
CVSS 8.8
CVE-2021-34773 MEDIUM
Cisco Unified Communications Manager - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-29888 HIGH
IBM InfoSphere Information Server 11.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24809 HIGH
BP Better Messages <1.9.9.41 - CSRF
CVSS 8.8
CVE-2021-24799 MEDIUM
Far Future Expiry Header < 1.5 - Cross-Site Request Forgery via Settings Save
CVSS 4.3
CVE-2021-24685 MEDIUM
Flat Preloader WordPress <1.5.4 - XSS
CVSS 5.4
CVE-2021-24572 MEDIUM
Accept Donations with PayPal < 1.3.1 - Cross-Site Request Forgery via Unprotected Button Deletion
CVSS 4.3
CVE-2021-24570 MEDIUM
Accept Donations with PayPal < 1.3.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-3901 HIGH
firefly-iii < 5.6.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-3900 MEDIUM
firefly-iii < 5.6.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-41176 MEDIUM
Pterodactyl Panel < 1.6.3 - Cross-Site Request Forgery via Sign-Out Endpoint
CVSS 4.3
CVE-2021-24884 CRITICAL
Formidable Form Builder <4.09.05 - HTML Injection
CVSS 9.6
CVE-2021-24779 MEDIUM
WP Debugging < 2.11.0 - Unauthenticated Settings Update via Missing Authorization
CVSS 6.5
CVE-2021-24543 MEDIUM
jquery-reply-to-comment < 1.31 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24487 HIGH
St-Daily-Tip < 4.7 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Default Text Setting
CVSS 8.8
CVE-2021-20120 HIGH
Arris Surfboard SB8200 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39126 MEDIUM
Atlassian Jira Server/Data Center <8.5.10, 8.6.0-8.13.1 CSRF via Referrer Header
CVSS 6.5