CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-15934 HIGH
Intesync Solismed 3.3sp - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-0398 HIGH
SAP BusinessObjects Business Intelligence Platform - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-4095 MEDIUM
IBM Cloud Pak System 2.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-19685 HIGH
nopCommerce 4.2.0 - Cross-Site Request Forgery via RoxyFileman GET Requests
CVSS 8.8
CVE-2019-16752 MEDIUM
Dash Core < 0.14.0.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-18346 HIGH
DAViCal < 1.1.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-19516 MEDIUM
Intelbras WRN 150 1.0.18 - Cross-Site Request Forgery via Password Change
CVSS 6.5
CVE-2019-19469 HIGH
Zmanda Management Console <3.3.9 - CSRF
CVSS 8.8
CVE-2019-19375 MEDIUM
Octopus Deploy < 2019.10.7 and 2019.6.0-2019.6.14 - Cross-Site Request Forgery via Insecure CSRF Cookie Attribute
CVSS 5.3
CVE-2019-17590 HIGH
csrf_magic < 2016-03-27 - Cross-Site Request Forgery Protection Bypass via Token Tampering
CVSS 8.8
CVE-2019-18677 MEDIUM
Squid 2.0-2.7 and 3.x-4.8 - Cross-Site Request Forgery via append_domain Setting
CVSS 6.1
CVE-2019-16002 MEDIUM
Cisco SD-WAN Firmware < 19.2.0 - Cross-Site Request Forgery in vManage Web UI
CVSS 6.5
CVE-2019-19013 HIGH
Pagekit 1.0.17 - Cross-Site Request Forgery via CSRF Token Removal
CVSS 8.8
CVE-2019-16548 HIGH
Jenkins Google Compute Engine Plugin <4.1.1 - CSRF
CVSS 8.8
CVE-2019-18651 MEDIUM
3xLogic Infinias Access Control <=6.6.9586.0 - CSRF
CVSS 6.5
CVE-2019-18884 HIGH
RISE Ultimate Project Manager 2.3 - CSRF
CVSS 8.8
CVE-2019-17237 HIGH
igniteup < 3.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-18411 HIGH
ManageEngine ADSelfService Plus 5.x-5803 - Cross-Site Request Forgery on Profile Information Page
CVSS 8.8
CVE-2019-18650 HIGH
Joomla! < 3.9.12 - Cross-Site Request Forgery in com_template
CVSS 8.8
CVE-2019-8155 HIGH
Magento 1.5.0.0-1.9.4.2 and 1.9.0.0-1.14.4.2 - Cross-Site Request Forgery via CSRF Token in URL
CVSS 7.5
CVE-2019-8109 HIGH
Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via CSRF
CVSS 8.0
CVE-2019-13497 MEDIUM
One Identity Cloud Access Manager < 8.1.4 - Cross-Site Request Forgery via Logout Request
CVSS 6.5
CVE-2019-18206 HIGH
Zucchetti InfoBusiness <= 4.4.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-9926 HIGH
LabKey Server 19.1.0 - Cross-Site Request Forgery via reports-viewScriptReport.view
CVSS 8.8
CVE-2019-8234 MEDIUM
Adobe Experience Manager 6.2-6.4 - Cross-Site Request Forgery
CVSS 6.5
Details
Vulnerabilities 9,376
Exploit Likelihood Medium