CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-19737 HIGH
MFScripts YetiShare 3.5.2-4.5.3 - Cross-Site Request Forgery via Session Cookie
CVSS 8.8
CVE-2019-20071 MEDIUM
Netis DL4323 Firmware - Cross-Site Request Forgery via form2logaction.cgi
CVSS 6.5
CVE-2019-19995 HIGH
Intelbras IWR 3000N 1.8.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-16326 HIGH
D-Link DIR-601 B1 2.00NA - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-6030 HIGH
Custom Body Class < 0.6.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-6027 HIGH
Wpspellcheck < 7.1.9 - CSRF
CVSS 8.8
CVE-2019-19981 MEDIUM
Email Subscribers & Newsletters < 4.2.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2019-19979 HIGH
WP Maintenance < 5.0.6 - Cross-Site Request Forgery with Resultant Cross-Site Scripting
CVSS 8.8
CVE-2019-4736 MEDIUM
IBM Financial Transaction Manager 3.0 - CSRF
CVSS 4.3
CVE-2019-4231 MEDIUM
IBM Cognos Analytics 11.0.0-11.0.11 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-19915 CRITICAL
301 Redirects - Easy Redirect Manager < 2.45 - Authenticated Cross-Site Request Forgery via Redirect Rule Manipulation
CVSS 9.0
CVE-2019-17633 HIGH
Eclipse Che 6.16.0-7.3.0 - Unauthenticated Workspace Creation via CSRF
CVSS 8.8
CVE-2019-19833 MEDIUM
Tautulli 2.1.9 - Cross-Site Request Forgery via /shutdown Endpoint
CVSS 6.5
CVE-2019-19832 HIGH
Xerox AltaLink C8035 Firmware - Cross-Site Request Forgery via Device User Database Form
CVSS 8.8
CVE-2019-11657 HIGH
Micro Focus ArcSight Logger <7.0 - CSRF
CVSS 8.8
CVE-2019-16575 HIGH
Jenkins Alauda Kubernetes Suport Plugin <2.3.0 - CSRF
CVSS 8.8
CVE-2019-16573 HIGH
Jenkins Alauda DevOps Pipeline Plugin <2.3.2 - CSRF
CVSS 8.8
CVE-2019-16570 HIGH
Jenkins RapidDeploy Plugin <4.1 - CSRF
CVSS 8.8
CVE-2019-16569 MEDIUM
Jenkins Mantis Plugin < 0.26 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-16565 HIGH
Jenkins Team Concert Plugin <1.3.0 - CSRF
CVSS 8.8
CVE-2019-16560 HIGH
Jenkins WebSphere Deployer Plugin <1.6.1 - CSRF
CVSS 8.8
CVE-2019-16553 HIGH
Jenkins Build Failure Analyzer Plugin <1.24.1 - CSRF
CVSS 8.8
CVE-2019-16551 HIGH
Jenkins Gerrit Trigger Plugin <2.30.1 - CSRF
CVSS 8.8
CVE-2019-16550 HIGH
Jenkins Maven Release Plugin <0.16.1 - CSRF
CVSS 8.8
CVE-2019-13930 HIGH
Siemens XHQ < 6.0.0.2 - Authenticated Cross-Site Request Forgery
CVSS 8.1
Details
Vulnerabilities 9,376
Exploit Likelihood Medium