CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-24620 HIGH
Simple Ecommerce Shopping Cart Plugin < 2.2.5 - Authenticated Arbitrary File Upload via Downloadable Product Feature
CVSS 8.8
CVE-2021-24586 MEDIUM
Per page add to head < 1.4.4 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-24491 HIGH
fileviewer < 2.2 - Cross-Site Request Forgery via File Upload and Delete Actions
CVSS 8.8
CVE-2021-24490 MEDIUM
Email Artillery WordPress Plugin < 4.1 - Unauthenticated Arbitrary File Upload via Import Emails Feature
CVSS 6.8
CVE-2021-24431 MEDIUM
Language Bar Flags < 1.0.8 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-38721 MEDIUM
FUEL CMS 1.5.0 - Cross-Site Request Forgery in login.php
CVSS 6.5
CVE-2021-23404 HIGH
sqlite-web - Cross-Site Request Forgery in SQL Dashboard
CVSS 7.6
CVE-2021-38705 HIGH
ClinicCases 7.3.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39197 MEDIUM
better_errors < 2.8.0 - Cross-Site Request Forgery via Missing CSRF Protection
CVSS 6.3
CVE-2021-37725 HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 8.3.0.0-8.3.0.14 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-24611 MEDIUM
Keyword Meta < 3.0 - Cross-Site Scripting and Cross-Site Request Forgery
CVSS 5.4
CVE-2021-21679 HIGH
Jenkins Azure AD Plugin < 179.vf6841393099e - Cross-Site Request Forgery Protection Bypass
CVSS 8.8
CVE-2021-21678 HIGH
Jenkins SAML Plugin < 2.0.7 - Cross-Site Request Forgery Protection Bypass
CVSS 8.8
CVE-2021-27557 MEDIUM
EasyCorp ZenTao 12.5.3 - Cross-Site Request Forgery in Cron Job Tab
CVSS 4.3
CVE-2021-39133 HIGH
Rundeck < 3.3.14 and 3.4.0-3.4.3 - Cross-Site Request Forgery
CVSS 7.2
CVE-2021-38342 HIGH
Nested Pages WordPress <= 3.1.15 - CSRF
CVSS 8.1
CVE-2021-32991 MEDIUM
Delta Electronics DIAEnergie < 1.7.5 - CSRF
CVSS 4.3
CVE-2021-24581 HIGH
Blue Admin WordPress Plugin < 21.06.01 - Stored XSS and CSRF via Logo Title
CVSS 8.8
CVE-2021-40174 HIGH
Zoho ManageEngine Log360 < Build 5224 - CSRF
CVSS 8.8
CVE-2021-40173 HIGH
Zoho ManageEngine Cloud Security Plus < 4.0 - Cross-Site Request Forgery in Server Proxy Settings
CVSS 8.8
CVE-2021-40172 HIGH
ManageEngine Log360 < 5.1 - Cross-Site Request Forgery in Proxy Settings
CVSS 8.8
CVE-2021-3734 HIGH
YOURLS < 1.8.1 - Cross-Site Request Forgery via Clickjacking
CVSS 8.8
CVE-2021-28070 MEDIUM
PopojiCMS 2.0.1 - Cross-Site Request Forgery in User Multi-Delete Function
CVSS 4.3
CVE-2021-23431 MEDIUM
Joplin < 2.3.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-3730 MEDIUM
firefly-iii < 5.6.0 - Cross-Site Request Forgery
CVSS 6.5