CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-3729 MEDIUM
firefly-iii < 5.6.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-3728 MEDIUM
firefly-iii < 5.6.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-24565 HIGH
Contact Form 7 Captcha < 0.0.9 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 8.8
CVE-2021-24555 HIGH
diary-availability-calendar < 1.0.3 - Authenticated SQL Injection via daac_delete_booking AJAX Action
CVSS 8.8
CVE-2021-39243 MEDIUM
Altus Nexto, Nexto Xpress, and Hadron Xtorm - Cross-Site Request Forgery via CGI Endpoint
CVSS 6.5
CVE-2021-28490 HIGH
OWASP CSRFGuard < 3.1.0 - Cross-Site Request Forgery via Session Token
CVSS 8.8
CVE-2021-34645 HIGH
Shopping Cart & eCommerce Store <= 5.1.0 - Cross-Site Request Forgery via save_currency_settings
CVSS 8.8
CVE-2021-20758 HIGH
Cybozu Garoon 4.0.0-5.0.2 - Authenticated Cross-Site Request Forgery
CVSS 8.0
CVE-2021-24536 MEDIUM
Custom Login Redirect < 1.0.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24535 MEDIUM
Light Messages < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 6.1
CVE-2021-24466 MEDIUM
Verse-O-Matic < 4.1.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24411 MEDIUM
Social Tape < 1.0 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2021-24410 MEDIUM
telugu_bible_verse_daily < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24380 MEDIUM
Shantz WordPress QOTD < 1.2.2 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2021-32122 CRITICAL
NETGEAR EX3700/EX3800/EX6120/EX6130 - Cross-Site Request Forgery
CVSS 9.8
CVE-2021-29400 MEDIUM
My SMTP Contact 1.1.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-37366 HIGH
ctparental < 4.45.03 - Cross-Site Request Forgery in Admin Panel
CVSS 8.8
CVE-2021-34661 MEDIUM
WP Fusion Lite <= 3.37.18 - Cross-Site Request Forgery via show_logs_section Function
CVSS 6.1
CVE-2021-24500 HIGH
Workreap < 2.2.2 - Insecure Direct Object Reference and CSRF via AJAX Actions
CVSS 8.1
CVE-2021-24467 MEDIUM
Leaflet Map < 3.0.0 - Cross-Site Request Forgery via Settings Update
CVSS 6.5
CVE-2021-37381 HIGH
Southsoft GMIS 5.0 - Cross-Site Request Forgery via Student Photo Endpoint
CVSS 8.8
CVE-2021-34634 HIGH
sola-newsletters <= 4.0.23 - Cross-Site Request Forgery via sola_nl_wp_head Function
CVSS 8.8
CVE-2021-34633 HIGH
Youtube Feeder < 2.0.1 - Cross-Site Request Forgery via printAdminPage Function
CVSS 8.8
CVE-2021-34631 HIGH
NewsPlugin <= 1.0.18 - Cross-Site Request Forgery via handle_save_style Function
CVSS 8.8
CVE-2021-23849 HIGH
Bosch CPP4, CPP6, CPP7, CPP7.3, CPP13, CPP14, and Aviotec Firmware - Unauthenticated Cross-Site Request Forgery
CVSS 7.5