CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2021-3729
MEDIUM
firefly-iii < 5.6.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-3728
MEDIUM
firefly-iii < 5.6.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-24565
HIGH
Contact Form 7 Captcha < 0.0.9 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 8.8
CVE-2021-24555
HIGH
diary-availability-calendar < 1.0.3 - Authenticated SQL Injection via daac_delete_booking AJAX Action
CVSS 8.8
CVE-2021-39243
MEDIUM
Altus Nexto, Nexto Xpress, and Hadron Xtorm - Cross-Site Request Forgery via CGI Endpoint
CVSS 6.5
CVE-2021-28490
HIGH
OWASP CSRFGuard < 3.1.0 - Cross-Site Request Forgery via Session Token
CVSS 8.8
CVE-2021-34645
HIGH
Shopping Cart & eCommerce Store <= 5.1.0 - Cross-Site Request Forgery via save_currency_settings
CVSS 8.8
CVE-2021-20758
HIGH
Cybozu Garoon 4.0.0-5.0.2 - Authenticated Cross-Site Request Forgery
CVSS 8.0
CVE-2021-24536
MEDIUM
Custom Login Redirect < 1.0.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24535
MEDIUM
Light Messages < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 6.1
CVE-2021-24466
MEDIUM
Verse-O-Matic < 4.1.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24411
MEDIUM
Social Tape < 1.0 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2021-24410
MEDIUM
telugu_bible_verse_daily < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24380
MEDIUM
Shantz WordPress QOTD < 1.2.2 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2021-32122
CRITICAL
NETGEAR EX3700/EX3800/EX6120/EX6130 - Cross-Site Request Forgery
CVSS 9.8
CVE-2021-29400
MEDIUM
My SMTP Contact 1.1.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-37366
HIGH
ctparental < 4.45.03 - Cross-Site Request Forgery in Admin Panel
CVSS 8.8
CVE-2021-34661
MEDIUM
WP Fusion Lite <= 3.37.18 - Cross-Site Request Forgery via show_logs_section Function
CVSS 6.1
CVE-2021-24500
HIGH
Workreap < 2.2.2 - Insecure Direct Object Reference and CSRF via AJAX Actions
CVSS 8.1
CVE-2021-24467
MEDIUM
Leaflet Map < 3.0.0 - Cross-Site Request Forgery via Settings Update
CVSS 6.5
CVE-2021-37381
HIGH
Southsoft GMIS 5.0 - Cross-Site Request Forgery via Student Photo Endpoint
CVSS 8.8
CVE-2021-34634
HIGH
sola-newsletters <= 4.0.23 - Cross-Site Request Forgery via sola_nl_wp_head Function
CVSS 8.8
CVE-2021-34633
HIGH
Youtube Feeder < 2.0.1 - Cross-Site Request Forgery via printAdminPage Function
CVSS 8.8
CVE-2021-34631
HIGH
NewsPlugin <= 1.0.18 - Cross-Site Request Forgery via handle_save_style Function
CVSS 8.8
CVE-2021-23849
HIGH
Bosch CPP4, CPP6, CPP7, CPP7.3, CPP13, CPP14, and Aviotec Firmware - Unauthenticated Cross-Site Request Forgery
CVSS 7.5