CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2021-24620
HIGH
Simple Ecommerce Shopping Cart Plugin < 2.2.5 - Authenticated Arbitrary File Upload via Downloadable Product Feature
CVSS 8.8
CVE-2021-24586
MEDIUM
Per page add to head < 1.4.4 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-24491
HIGH
fileviewer < 2.2 - Cross-Site Request Forgery via File Upload and Delete Actions
CVSS 8.8
CVE-2021-24490
MEDIUM
Email Artillery WordPress Plugin < 4.1 - Unauthenticated Arbitrary File Upload via Import Emails Feature
CVSS 6.8
CVE-2021-24431
MEDIUM
Language Bar Flags < 1.0.8 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-38721
MEDIUM
FUEL CMS 1.5.0 - Cross-Site Request Forgery in login.php
CVSS 6.5
CVE-2021-23404
HIGH
sqlite-web - Cross-Site Request Forgery in SQL Dashboard
CVSS 7.6
CVE-2021-38705
HIGH
ClinicCases 7.3.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39197
MEDIUM
better_errors < 2.8.0 - Cross-Site Request Forgery via Missing CSRF Protection
CVSS 6.3
CVE-2021-37725
HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 8.3.0.0-8.3.0.14 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-24611
MEDIUM
Keyword Meta < 3.0 - Cross-Site Scripting and Cross-Site Request Forgery
CVSS 5.4
CVE-2021-21679
HIGH
Jenkins Azure AD Plugin < 179.vf6841393099e - Cross-Site Request Forgery Protection Bypass
CVSS 8.8
CVE-2021-21678
HIGH
Jenkins SAML Plugin < 2.0.7 - Cross-Site Request Forgery Protection Bypass
CVSS 8.8
CVE-2021-27557
MEDIUM
EasyCorp ZenTao 12.5.3 - Cross-Site Request Forgery in Cron Job Tab
CVSS 4.3
CVE-2021-39133
HIGH
Rundeck < 3.3.14 and 3.4.0-3.4.3 - Cross-Site Request Forgery
CVSS 7.2
CVE-2021-38342
HIGH
Nested Pages WordPress <= 3.1.15 - CSRF
CVSS 8.1
CVE-2021-32991
MEDIUM
Delta Electronics DIAEnergie < 1.7.5 - CSRF
CVSS 4.3
CVE-2021-24581
HIGH
Blue Admin WordPress Plugin < 21.06.01 - Stored XSS and CSRF via Logo Title
CVSS 8.8
CVE-2021-40174
HIGH
Zoho ManageEngine Log360 < Build 5224 - CSRF
CVSS 8.8
CVE-2021-40173
HIGH
Zoho ManageEngine Cloud Security Plus < 4.0 - Cross-Site Request Forgery in Server Proxy Settings
CVSS 8.8
CVE-2021-40172
HIGH
ManageEngine Log360 < 5.1 - Cross-Site Request Forgery in Proxy Settings
CVSS 8.8
CVE-2021-3734
HIGH
YOURLS < 1.8.1 - Cross-Site Request Forgery via Clickjacking
CVSS 8.8
CVE-2021-28070
MEDIUM
PopojiCMS 2.0.1 - Cross-Site Request Forgery in User Multi-Delete Function
CVSS 4.3
CVE-2021-23431
MEDIUM
Joplin < 2.3.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-3730
MEDIUM
firefly-iii < 5.6.0 - Cross-Site Request Forgery
CVSS 6.5