CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2020-8504 MEDIUM
arox School Management Software PHP/mySQL < 2019-03-14 - Cross-Site Request Forgery via Add Admin Action
CVSS 6.5
CVE-2020-7965 HIGH
webargs 5.0.0-5.5.2 - Cross-Site Request Forgery via JSON Content-Type Bypass
CVSS 8.8
CVE-2020-8425 MEDIUM
Cups Easy (Purchase & Inventory) 1.0 - CSRF
CVSS 6.5
CVE-2020-8424 HIGH
Cups Easy (Purchase & Inventory) 1.0 - CSRF
CVSS 8.8
CVE-2020-8420 HIGH
Joomla! 3.0.0-3.9.14 - Cross-Site Request Forgery in LESS Compiler
CVSS 8.8
CVE-2020-8419 HIGH
Joomla! 3.0.0-3.9.14 - Cross-Site Request Forgery in Batch Actions
CVSS 8.8
CVE-2020-8417 HIGH
Code Snippets < 2.14.0 - Cross-Site Request Forgery via Import Menu
CVSS 8.8
CVE-2020-7991 HIGH
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
CVSS 8.8
CVE-2020-7210 MEDIUM
Umbraco CMS 8.2.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-6849 HIGH
marketo-forms-and-tracking < 1.0.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting
CVSS 8.8
CVE-2020-5397 MEDIUM
Spring Framework 5.2.x < 5.2.3 - Cross-Site Request Forgery via CORS Preflight Requests
CVSS 5.3
CVE-2020-2098 HIGH
Jenkins Sounds Plugin < 0.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-2093 HIGH
Jenkins Health Advisor by CloudBees < 3.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-2090 HIGH
Jenkins Amazon EC2 Plugin < 1.47 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-5502 MEDIUM
phpBB 3.2.8 - Cross-Site Request Forgery via Group Membership Approval
CVSS 6.5
CVE-2020-5501 MEDIUM
phpBB 3.2.8 - Cross-Site Request Forgery via Group Avatar Modification
CVSS 4.3
CVE-2020-6167 HIGH
WordPress Minimal Coming Soon & Maintenance Mode <2.10 - CSRF
CVSS 8.8
CVE-2019-25729 CRITICAL
PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie
CVSS 9.8
CVE-2019-25708 MEDIUM
Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
CVSS 4.3
CVE-2019-25693 HIGH
ResourceSpace 8.6 SQL Injection via collection_edit.php
CVSS 7.1
CVE-2019-25682 MEDIUM
CMSsite 1.0 Cross-Site Request Forgery via users.php
CVSS 4.3
CVE-2019-25447 MEDIUM
OrientDB 3.0.17 GA Community - CSRF
CVSS 4.3
CVE-2019-25359 HIGH
SD.NET RIM < 4.7.3c - SQL Injection via POST Parameters 'idtyp' and 'idgremium'
CVSS 8.2
CVE-2019-25313 MEDIUM
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery to Add Local Admin
CVSS 4.0
CVE-2019-25259 MEDIUM
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - CSRF
CVSS 5.3
Details
Vulnerabilities 9,376
Exploit Likelihood Medium