CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-19669 MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery via Upload Center Forms Component
CVSS 6.5
CVE-2019-19667 MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Block Clients Component
CVSS 5.4
CVE-2019-19666 MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Event Notices Settings
CVSS 4.3
CVE-2019-19664 HIGH
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Web Settings
CVSS 7.1
CVE-2019-19662 MEDIUM
Rumpus FTP Server 8.2.9.1 - Cross-Site Request Forgery via Web File Manager Account Management
CVSS 6.5
CVE-2019-19665 MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in FTP Settings
CVSS 6.5
CVE-2019-19663 MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Folder Sets Settings
CVSS 6.5
CVE-2019-19660 MEDIUM
Rumpus FTP Server 8.2.9.1 - Cross-Site Request Forgery via Network Settings
CVSS 6.5
CVE-2019-19659 HIGH
Rumpus FTP Server 8.2.9.1 - Cross-Site Request Forgery in Web File Manager Edit Accounts
CVSS 8.8
CVE-2019-20059 HIGH
YetiShare 3.5.2-4.5.4 - SQL Injection via sSortDir_0 Parameter
CVSS 8.8
CVE-2019-20405 MEDIUM
Atlassian Jira Server and Data Center 7.13.0-8.5.x - Cross-Site Request Forgery via JMX Monitoring Flag
CVSS 4.3
CVE-2019-20401 MEDIUM
Jira Server 7.6.15-8.5.1 - Cross-Site Request Forgery in Installation Setup
CVSS 6.5
CVE-2019-4613 HIGH
IBM Planning Analytics 2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10784 CRITICAL
phppgadmin < 7.12.1 - Cross-Site Request Forgery in database.php
CVSS 9.6
CVE-2019-7654 MEDIUM
Wowza Streaming Engine <4.8.0 - CSRF
CVSS 6.5
CVE-2019-16513 HIGH
ConnectWise Control <19.3.25270.7185 - CSRF
CVSS 8.8
CVE-2019-3864 HIGH
Red Hat Quay < 3.0.0 - Cross-Site Request Forgery via Reused CSRF Token
CVSS 8.8
CVE-2019-19854 HIGH
Serpico 1.3.0 - Cross-Site Request Forgery via Origin Header
CVSS 8.8
CVE-2019-18271 HIGH
OSIsoft PI Vision < 2019 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-14304 HIGH
Ricoh SP C250DN < 1.09 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-20178 MEDIUM
PEEL Shopping 9.2.1 - Cross-Site Request Forgery via User Deletion
CVSS 6.5
CVE-2019-6319 HIGH
HP DeskJet 3630 All-in-One Printers - Cross-Site Request Forgery
CVSS 8.1
CVE-2019-6320 HIGH
HP DeskJet 3630 All-in-One Printers - Cross-Site Request Forgery
CVSS 8.1
CVE-2019-20077 MEDIUM
Typesetter CMS 5.1 - Cross-Site Request Forgery in Admin Logout Function
CVSS 4.3
CVE-2019-12273 MEDIUM
OutSystems Platform 10-11 - Cross-Site Request Forgery via ImageResourceDetail.aspx
CVSS 6.5
Details
Vulnerabilities 9,376
Exploit Likelihood Medium