CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-41764 HIGH
streama <= 1.10.3 - Cross-Site Request Forgery via File Upload
CVSS 8.8
CVE-2021-34636 HIGH
Countdown and CountUp, WooCommerce Sales Timers < 1.5.7 - Cross-Site Request Forgery via save_theme Function
CVSS 8.8
CVE-2021-36877 MEDIUM
uListing <= 2.0.5 - Cross-Site Request Forgery to Modify User Roles
CVSS 4.3
CVE-2021-36876 MEDIUM
uListing <= 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
CVSS 5.4
CVE-2021-36878 MEDIUM
uListing <= 2.0.5 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2021-40108 HIGH
Concrete CMS < 8.5.6 - Cross-Site Request Forgery via Calendar Event Save Endpoint
CVSS 8.8
CVE-2021-3819 HIGH
firefly-iii < 5.6.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-31604 MEDIUM
openvpn-monitor < 1.1.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-29816 MEDIUM
IBM Jazz for Service Management 1.1.3.10 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-22953 MEDIUM
Concrete CMS < 8.5.5 - Cross-Site Request Forgery via Topic Cloning
CVSS 5.4
CVE-2021-22950 MEDIUM
Concrete CMS < 8.5.6 - Cross-Site Request Forgery via Comment Attachment Deletion
CVSS 6.5
CVE-2021-22949 MEDIUM
Concrete CMS < 8.5.5 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-41083 HIGH
Dada Mail < 11.16.0 - Cross-Site Request Forgery
CVSS 8.0
CVE-2021-24639 HIGH
OMGF WordPress Plugin < 4.5.4 - Authenticated Path Traversal and Arbitrary File Deletion via omgf_ajax_empty_dir
CVSS 8.1
CVE-2021-24636 HIGH
Print My Blog WordPress Plugin < 3.4.2 - Cross-Site Request Forgery via Missing Nonce Check
CVSS 8.1
CVE-2021-24618 MEDIUM
Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting via QRCode Image Setting
CVSS 5.4
CVE-2021-24584 MEDIUM
Timetable and Event Schedule < 2.4.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2021-24583 MEDIUM
Timetable and Event Schedule WordPress Plugin < 2.4.2 - Improper Access Control in Timeslot Deletion
CVSS 4.3
CVE-2021-40965 HIGH
TinyFileManager <= 2.4.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39209 HIGH
GLPI < 9.5.6 - Cross-Site Request Forgery Protection Bypass
CVSS 8.8
CVE-2021-23026 HIGH
BIG-IP 13.1.0-13.1.4 - Cross-Site Request Forgery via iControl SOAP
CVSS 8.8
CVE-2021-23050 HIGH
BIG-IP Advanced WAF/ASM <16.0.1.2 & 15.1.3 - CSRF
CVSS 7.5
CVE-2021-37201 HIGH
SINEC NMS < 1.0 SP1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39124 MEDIUM
Atlassian Jira Server and Data Center < 8.16.0 - Cross-Site Request Forgery via Retry Feature
CVSS 4.3
CVE-2021-24725 MEDIUM
Comment Link Remove and Other Comment Tools < 2.1.6 - Cross-Site Request Forgery in Delete Comments Functionality
CVSS 4.3