CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2021-34743
MEDIUM
Cisco Webex Software - Unauthenticated Cross-Site Request Forgery in Application Integration
CVSS 4.3
CVE-2021-42097
HIGH
GNU Mailman < 2.1.35 - Cross-Site Request Forgery via Shared csrf_token
CVSS 8.0
CVE-2021-21745
MEDIUM
ZTE MF971R Firmware - Cross-Site Request Forgery via Referer Authentication Bypass
CVSS 4.3
CVE-2021-3858
HIGH
snipe-it < 5.3.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-38480
CRITICAL
InHand Networks IR615 Router's Versions 2.3.0.r4724-2.3.0.r4870 - CSRF
CVSS 9.6
CVE-2021-24752
MEDIUM
CatchThemes Plugins - Authenticated Improper Access Control via ctp_switch AJAX Action
CVSS 5.7
CVE-2021-24735
MEDIUM
Compact WP Audio Player <1.9.7 - CSRF
CVSS 6.5
CVE-2021-24675
MEDIUM
One User Avatar < 2.3.7 - Cross-Site Request Forgery via Avatar Upload Shortcode
CVSS 6.5
CVE-2021-24642
MEDIUM
Scroll Baner < 1.0 - Cross-Site Request Forgery in Settings Save
CVSS 6.5
CVE-2021-24615
MEDIUM
Wechat Reward < 1.7 - Cross-Site Request Forgery and Stored Cross-Site Scripting via QR Settings
CVSS 5.4
CVE-2021-24595
MEDIUM
Wp Cookie Choice < 1.1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.5
CVE-2021-39864
MEDIUM
Adobe Commerce < 2.3.7 and 2.4.2-p1-2.4.3 - Cross-Site Request Forgery via Wishlist Share Link
CVSS 6.5
CVE-2021-42228
HIGH
KindEditor 4.1-4.1.11 - Cross-Site Request Forgery via Upload Button Example
CVSS 8.8
CVE-2021-20126
HIGH
Draytek VigorConnect 1.6.0-B3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-20831
HIGH
OG Tags < 2.0.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-20795
HIGH
Cybozu Remote Service <3.1.9 - CSRF
CVSS 8.8
CVE-2021-24711
HIGH
Software License Manager <4.5.1 - CSRF
CVSS 8.8
CVE-2021-24683
MEDIUM
Weather Effect WordPress Plugin < 1.3.4 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2021-41916
HIGH
webtareas < 2.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-20489
HIGH
IBM Sterling File Gateway <6.1.1.0 - CSRF
CVSS 8.8
CVE-2021-29837
HIGH
IBM Sterling B2B Integrator 5.2.0.0-6.1.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-41113
HIGH
TYPO3 11.2.0-11.4.99 - Cross-Site Request Forgery via Deep Link Sharing
CVSS 8.8
CVE-2021-35491
HIGH
Wowza Streaming Engine <4.8.11+5 - CSRF
CVSS 8.1
CVE-2021-36850
MEDIUM
Media File Renamer <= 5.1.9 - Cross-Site Request Forgery via post_title, filename, and lock Parameters
CVSS 5.4
CVE-2021-41295
HIGH
ECOA BAS Controller - Authenticated Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities
9,374
Exploit Likelihood
Medium