CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-20390 HIGH
Subrion CMS 4.2.1 - Cross-Site Request Forgery via Unvalidated GET Request
CVSS 8.1
CVE-2019-19517 HIGH
Intelbras RF1200 1.1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-0235 HIGH
Apache OFBiz 17.12.01 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-4750 HIGH
IBM Cloud App Management <2019.4.0 - CSRF
CVSS 8.8
CVE-2019-20691 HIGH
NETGEAR D3600/D6000/EX3700/EX3800/EX6000/EX6100/EX6120/EX6130/EX6150/EX6200/EX7000/WN2500RP CSRF
CVSS 8.8
CVE-2019-18376 MEDIUM
Symantec Management Center - Cross-Site Request Forgery via Token Disclosure
CVSS 5.9
CVE-2019-19025 HIGH
Cloud Native Computing Foundation Harbor <1.8.6,1.9.3 - CSRF
CVSS 8.8
CVE-2019-16068 HIGH
NETSAS ENIGMA NMS < 65.0.0 - Cross-Site Request Forgery via manage_files.cgi
CVSS 8.8
CVE-2019-12769 HIGH
SolarWinds Serv-U Managed File Transfer < 15.1.6 Hotfix 2 - Cross-Site Request Forgery via File Upload
CVSS 8.8
CVE-2019-13199 MEDIUM
Kyocera ECOSYS M5526cdw Firmware 2R7_2000.001.701 - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-13170 MEDIUM
Xerox Phaser 3320 Firmware V53.006.16.000 - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-13395 HIGH
NETGEAR CG3700b Firmware V2.02.03 - Cross-Site Request Forgery via /goform/ URIs
CVSS 8.8
CVE-2019-17653 HIGH
Fortinet FortiSIEM 5.2.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-16107 MEDIUM
phpBB 3.2.7 - Cross-Site Request Forgery in Post Attachment Deletion
CVSS 4.3
CVE-2019-17642 HIGH
Centreon 18.0.0-18.10.8 - Unauthenticated Remote Code Execution via Autodiscovery Plugin CSRF
CVSS 8.8
CVE-2019-20487 HIGH
NETGEAR WNR1000V4 1.1.0.54 - Unauthenticated Cross-Site Request Forgery via setup.cgi
CVSS 8.8
CVE-2019-4726 MEDIUM
IBM Sterling B2B Integrator Standard Edition <5.2.6.5 - CSRF
CVSS 4.3
CVE-2019-19987 MEDIUM
Selesta Visual Access Manager 4.15.0-4.29.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-20480 HIGH
MIELE XGW 3000 ZigBee Gateway Firmware < 2.4.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-12437 HIGH
SilverStripe < 4.3.3 - Cross-Site Request Forgery in GraphQL Mutations
CVSS 8.8
CVE-2019-12246 MEDIUM
SilverStripe < 4.3.3 - Denial of Service via Flush and Development URL Tools
CVSS 4.3
CVE-2019-20100 MEDIUM
Atlassian Jira Server and Data Center - Cross-Site Request Forgery in Application Links Plugin
CVSS 4.7
CVE-2019-20099 MEDIUM
Atlassian Jira Server and Data Center 7.6.15-8.5.3 - Cross-Site Request Forgery in VerifyPopServerConnection
CVSS 4.3
CVE-2019-20098 MEDIUM
Atlassian Jira Server and Data Center 7.6.15-8.5.3 - Cross-Site Request Forgery in VerifySmtpServerConnection
CVSS 4.3
CVE-2019-19668 MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in File Types Component
CVSS 4.3
Details
Vulnerabilities 9,376
Exploit Likelihood Medium