CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-32073 HIGH
DedeCMS V5.7 SP2 - Cross-Site Request Forgery Leading to Remote Code Execution
CVSS 8.8
CVE-2021-21655 HIGH
Jenkins P4 Plugin < 1.11.4 - Cross-Site Request Forgery
CVSS 7.1
CVE-2021-21652 HIGH
Jenkins Xray - Test Management for Jira < 2.4.0 - Cross-Site Request Forgery
CVSS 7.1
CVE-2021-32096 HIGH
NSA Emissary 5.9.0 - Cross-Site Request Forgery via ConsoleAction CONSOLE_COMMAND_STRING Parameter
CVSS 8.8
CVE-2021-24251 MEDIUM
Business Directory Plugin - Easy Listing Directories for WordPress < 5.11.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-24249 MEDIUM
Business Directory Plugin - Easy Listing Directories for WordPress < 5.11.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-24179 HIGH
Business Directory Plugin < 5.11 - CSRF & RCE via File Import
CVSS 8.8
CVE-2021-24178 HIGH
Business Directory Plugin - Easy Listing Directories for WordPress < 5.11.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24272 MEDIUM
fitness_calculators < 1.9.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2021-29238 HIGH
CODESYS Automation Server < 1.16.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-30224 HIGH
Rukovoditel 2.8.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-28280 MEDIUM
phpfusion 9.03.110 - Cross-Site Request Forgery and Cross-Site Scripting in search.php
CVSS 6.1
CVE-2021-31762 HIGH
Webmin 1.973 - Cross-Site Request Forgery via User Addition Feature
CVSS 8.8
CVE-2021-31760 HIGH
Webmin 1.973 - Cross-Site Request Forgery to Remote Command Execution via Running Process Feature
CVSS 8.8
CVE-2021-31584 HIGH
Sipwise C5 NGCP www_csc 3.6.4-mr3.8.13 - Cross-Site Request Forgery via Call/Click2Dial
CVSS 8.8
CVE-2021-21644 MEDIUM
Jenkins Config File Provider Plugin < 3.7.0 - Cross-Site Request Forgery via Configuration File Deletion
CVSS 5.4
CVE-2021-27181 HIGH
MDaemon < 20.0.4 - Cross-Site Request Forgery via Anti-CSRF Token Fixation
CVSS 8.8
CVE-2021-31152 HIGH
Multilaser Router AC1200 V02.03.01.45_pt - CSRF
CVSS 8.8
CVE-2021-29436 MEDIUM
Anuko Time Tracker < 1.19.27.5431 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-29435 HIGH
trestle-auth 0.4.0-0.4.1 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-21731 HIGH
ZXCLOUD iRAI < 6.03.04 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-21729 MEDIUM
ZTE ZXHN H168N and H108N Firmware - Cross-Site Request Forgery via Missing CSRF Token
CVSS 6.5
CVE-2021-29054 HIGH
Papoo CMS Light < 21.02 and Papoo CMS Pro < 6.0.1 - Cross-Site Request Forgery in Admin Interface
CVSS 8.8
CVE-2021-24231 MEDIUM
Patreon WordPress < 1.7.0 - Cross-Site Request Forgery via Administrator Disconnect Link
CVSS 6.5
CVE-2021-24230 HIGH
Patreon WordPress < 1.7.0 - Cross-Site Request Forgery via User Metadata Overwrite
CVSS 8.1