CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-26215 MEDIUM
SeedDMS 5.1.0-5.1.20 - Cross-Site Request Forgery in out.EditDocument.php
CVSS 4.3
CVE-2021-24133 MEDIUM
ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings Form
CVSS 4.3
CVE-2021-21627 HIGH
Jenkins Libvirt Agents Plugin < 1.9.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-26961 HIGH
Aruba AirWave < 8.2.12.0 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2021-26960 HIGH
Aruba AirWave < 8.2.12.0 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2021-27927 HIGH
Zabbix <4.0.28rc1-5.2.6rc1-5.4.0beta2 - CSRF
CVSS 8.8
CVE-2021-27885 HIGH
e107 < 2.3.0 - Cross-Site Request Forgery via usersettings.php
CVSS 8.8
CVE-2021-1227 HIGH
Cisco NX-OS - Unauthenticated Cross-Site Request Forgery in NX-API
CVSS 8.1
CVE-2021-21620 MEDIUM
Jenkins Claim Plugin < 2.18.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-21617 HIGH
Jenkins Configuration Slicing Plugin < 1.51 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-22701 MEDIUM
PowerLogic - Cross-Site Request Forgery
CVSS 4.5
CVE-2021-26296 HIGH
Apache MyFaces 2.2.0-2.2.13, 2.3.0-2.3.7, 3.0.0-RC1 CSRF via Weak Token Generation
CVSS 7.5
CVE-2021-20073 HIGH
Racom MIDGE Firmware 4.4.40.105 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-20650 MEDIUM
ELECOM NCC-EWF100RMWH2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20647 MEDIUM
ELECOM WRC-300FEBK-S - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20646 MEDIUM
ELECOM WRC-300FEBK-A Firmware - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20641 MEDIUM
LOGITEC LAN-W300N/RS - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20636 MEDIUM
LOGITEC LAN-W300N/PR5B - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-21027 MEDIUM
Magento < 2.3.6 - Unauthenticated Cross-Site Request Forgery via GraphQL API
CVSS 4.3
CVE-2021-20403 HIGH
IBM Security Verify Information Queue <1.0.8 - CSRF
CVSS 8.8
CVE-2021-22500 MEDIUM
Micro Focus Application Performance Management <9.51 - CSRF
CVSS 6.5
CVE-2021-20652 HIGH
Name Directory < 1.17.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-25765 HIGH
JetBrains YouTrack < 2020.4.4701 - Cross-Site Request Forgery via Attachment Upload
CVSS 8.8
CVE-2021-20621 HIGH
Aterm WG2600HP and WG2600HP2 Firmware < 1.0.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-21275 MEDIUM
MediaWiki Report Extension < 2021-01-21 - Cross-Site Request Forgery via Special:Report
CVSS 5.3