CWE-352
Cross-Site Request Forgery (CSRF)
Exploit likelihood: Medium
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2021-32073
HIGH
DedeCMS V5.7 SP2 - Cross-Site Request Forgery Leading to Remote Code Execution
CVSS 8.8
CVE-2021-21655
HIGH
Jenkins P4 Plugin < 1.11.4 - Cross-Site Request Forgery
CVSS 7.1
CVE-2021-21652
HIGH
Jenkins Xray - Test Management for Jira < 2.4.0 - Cross-Site Request Forgery
CVSS 7.1
CVE-2021-32096
HIGH
NSA Emissary 5.9.0 - Cross-Site Request Forgery via ConsoleAction CONSOLE_COMMAND_STRING Parameter
CVSS 8.8
CVE-2021-24251
MEDIUM
Business Directory Plugin - Easy Listing Directories for WordPress < 5.11.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-24249
MEDIUM
Business Directory Plugin - Easy Listing Directories for WordPress < 5.11.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-24179
HIGH
Business Directory Plugin < 5.11 - CSRF & RCE via File Import
CVSS 8.8
CVE-2021-24178
HIGH
Business Directory Plugin - Easy Listing Directories for WordPress < 5.11.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24272
MEDIUM
fitness_calculators < 1.9.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-29238
HIGH
CODESYS Automation Server < 1.16.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-30224
HIGH
Rukovoditel 2.8.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-28280
MEDIUM
phpfusion 9.03.110 - Cross-Site Request Forgery and Cross-Site Scripting in search.php
CVSS 6.1
CVE-2021-31762
HIGH
Webmin 1.973 - Cross-Site Request Forgery via User Addition Feature
CVSS 8.8
CVE-2021-31760
HIGH
Webmin 1.973 - Cross-Site Request Forgery to Remote Command Execution via Running Process Feature
CVSS 8.8
CVE-2021-31584
HIGH
Sipwise C5 NGCP www_csc 3.6.4-mr3.8.13 - Cross-Site Request Forgery via Call/Click2Dial
CVSS 8.8
CVE-2021-21644
MEDIUM
Jenkins Config File Provider Plugin < 3.7.0 - Cross-Site Request Forgery via Configuration File Deletion
CVSS 5.4
CVE-2021-27181
HIGH
MDaemon < 20.0.4 - Cross-Site Request Forgery via Anti-CSRF Token Fixation
CVSS 8.8
CVE-2021-31152
HIGH
Multilaser Router AC1200 V02.03.01.45_pt - CSRF
CVSS 8.8
CVE-2021-29436
MEDIUM
Anuko Time Tracker < 1.19.27.5431 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-29435
HIGH
trestle-auth 0.4.0-0.4.1 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-21731
HIGH
ZXCLOUD iRAI < 6.03.04 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-21729
MEDIUM
ZTE ZXHN H168N and H108N Firmware - Cross-Site Request Forgery via Missing CSRF Token
CVSS 6.5
CVE-2021-29054
HIGH
Papoo CMS Light < 21.02 and Papoo CMS Pro < 6.0.1 - Cross-Site Request Forgery in Admin Interface
CVSS 8.8
CVE-2021-24231
MEDIUM
Patreon WordPress < 1.7.0 - Cross-Site Request Forgery via Administrator Disconnect Link
CVSS 6.5
CVE-2021-24230
HIGH
Patreon WordPress < 1.7.0 - Cross-Site Request Forgery via User Metadata Overwrite
CVSS 8.1