CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-18414 HIGH
Sourcecodester Restaurant Management System 1.0 - Cross-Site Request Forgery in admin/staff-exec.php
CVSS 8.8
CVE-2019-12095 HIGH
Horde Groupware < 5.2.22 - Cross-Site Request Forgery via treanBookmarkTags Parameter
CVSS 8.8
CVE-2019-9597 MEDIUM
Darktrace Enterprise Immune System <3.1 - CSRF
CVSS 6.5
CVE-2019-9596 MEDIUM
Darktrace Enterprise Immune System <3.1 - CSRF
CVSS 6.5
CVE-2019-18280 HIGH
Sourcecodester Online Grading System 1.0 - Cross-Site Request Forgery via User Creation
CVSS 8.8
CVE-2019-18220 HIGH
Sitemagic CMS 4.4.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10471 HIGH
Jenkins Libvirt Slaves Plugin < 1.8.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10468 HIGH
Jenkins Kubernetes CI < 1.3 - Cross-Site Request Forgery via Credential Capture
CVSS 8.8
CVE-2019-10464 HIGH
Jenkins Deploy WebLogic Plugin < 4.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10462 HIGH
Jenkins Dynatrace Application Monitoring < 2.1.3 - Cross-Site Request Forgery
CVSS 8.1
CVE-2019-17367 HIGH
OpenWRT 18.06.4 - Cross-Site Request Forgery via Network Configuration Endpoints
CVSS 8.8
CVE-2019-17118 HIGH
WiKID 2FA Enterprise Server <= 4.2.0-b2053 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-17676 HIGH
MetInfo 7.0.0beta - Cross-Site Request Forgery via doSaveSetup Action
CVSS 8.8
CVE-2019-17675 HIGH
WordPress < 5.2.4 - Cross-Site Request Forgery via Type Confusion in Admin Referer Validation
CVSS 8.8
CVE-2019-12636 HIGH
Cisco Small Business Smart and Managed Switches < 2.5.0.90 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10456 MEDIUM
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin < 1.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-10454 MEDIUM
Jenkins Rundeck Plugin < 3.6.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-10441 MEDIUM
Jenkins iceScrum Plugin < 1.1.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-10437 HIGH
Jenkins CRX Content Package Deployer Plugin < 1.8.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-17600 CRITICAL
Intelbras IWR 1000N 1.6.4 - Information Disclosure via v1/system/user Endpoint
CVSS 9.8
CVE-2019-17593 HIGH
jizhicms 1.5.1 - Cross-Site Request Forgery via Admin Addition
CVSS 8.8
CVE-2019-17521 MEDIUM
Landing-CMS 0.0.6 - Cross-Site Request Forgery via Password Change URI
CVSS 6.5
CVE-2019-17495 CRITICAL
Swagger UI < 3.23.11 - CSS Injection via Relative Path Overwrite
CVSS 9.8
CVE-2019-17386 HIGH
animate_it! < 2.3.6 - Cross-Site Request Forgery in edsanimate.php
CVSS 8.8
CVE-2019-17432 MEDIUM
fastadmin 1.0.0.20190705_beta - Cross-Site Request Forgery in Admin Config Editor
CVSS 6.5
Details
Vulnerabilities 9,376
Exploit Likelihood Medium