CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-21675 MEDIUM
Jenkins requests-plugin < 2.2.12 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20580 MEDIUM
IBM Planning Analytics 2.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-20102 HIGH
Machform < 16 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-34244 HIGH
Icehrm - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-32424 HIGH
TrendNet TW100-S4W1CA 2.3.32 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24349 MEDIUM
gallery_from_files < 1.6.0 - Reflected Cross-Site Scripting via Error Message
CVSS 6.1
CVE-2021-34547 MEDIUM
PRTG Network Monitor 20.1.55.1775 - Cross-Site Request Forgery via /editsettings
CVSS 4.3
CVE-2021-31659 HIGH
TP-Link TL-SG2005 and TL-SG2008 Firmware 1.0.0 Build 20180529 Rel.40524 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-21665 HIGH
Jenkins XebiaLabs XL Deploy Plugin < 10.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-32677 HIGH
FastAPI < 0.65.2 - Cross-Site Request Forgery via JSON Payload in text/plain Content-Type
CVSS 8.2
CVE-2021-29995 HIGH
CloverDX < 5.7.1 - Cross-Site Request Forgery in Server Console
CVSS 8.8
CVE-2021-26474 HIGH
Vembu BDR Suite < 4.2.0 - Cross-Site Request Forgery
CVSS 8.6
CVE-2021-24333 MEDIUM
Content Copy Protection & Prevent Image Save < 1.3 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.5
CVE-2021-24328 MEDIUM
WP Login Security and History < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.2
CVE-2021-26034 MEDIUM
Joomla! 3.0.0-3.9.26 - Cross-Site Request Forgery in Data Download Endpoints
CVSS 6.5
CVE-2021-26033 MEDIUM
Joomla! 3.0.0-3.9.26 - Cross-Site Request Forgery via AJAX Reordering Endpoint
CVSS 6.5
CVE-2021-20096 HIGH
OpenOversight 0.6.4 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-21549 HIGH
Dell EMC XtremIO Management Server < 6.3.3-8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-32632 LOW
pajbot < 1.52 - Cross-Site Request Forgery
CVSS 2.4
CVE-2021-25931 HIGH
OpenNMS Horizon < 27.1.1 and Meridian < 2019.1.19 - Cross-Site Request Forgery via User Update Endpoint
CVSS 8.8
CVE-2021-25930 MEDIUM
OpenNMS Horizon < 27.1.1 and Meridian < 2019.1.19 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-29624 MEDIUM
fastify-csrf < 3.1.0 - Cross-Site Request Forgery Protection Bypass via Subdomain Cookie Handling
CVSS 6.5
CVE-2021-24324 MEDIUM
404 SEO Redirection WordPress Plugin <= 1.3 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.5
CVE-2021-32403 HIGH
Intelbras RF 301K Firmware 1.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-32402 HIGH
Intelbras RF 301K Firmware 1.1.2 - Cross-Site Request Forgery
CVSS 8.8