CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-12922 MEDIUM
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery in Setup Page
CVSS 6.5
CVE-2019-5993 HIGH
Category Specific RSS feed Subscription < 2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5992 HIGH
WordPress Ultra Simple Paypal Shopping Cart < 4.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5986 HIGH
NTT-EAST Hikari Denwa Router/Home Gateway Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-1261 HIGH
Microsoft SharePoint - Cross-Site Request Forgery via Application Authorization Request
CVSS 8.8
CVE-2019-1259 HIGH
Microsoft SharePoint Foundation - Spoofing via Cross-Site Request Forgery
CVSS 8.8
CVE-2019-14998 MEDIUM
Jira Server 7.4.0-8.3.9 - Cross-Site Request Forgery Protection Bypass via Cookie Tossing
CVSS 6.5
CVE-2019-10253 MEDIUM
TeamMate+ 21.0.0.0 - Cross-Site Request Forgery via Upload/DomainObjectDocumentUpload.ashx
CVSS 6.5
CVE-2019-16099 HIGH
Silver Peak EdgeConnect <8.1.7.x - CSRF
CVSS 8.8
CVE-2019-15128 MEDIUM
iF.SVNAdmin < 1.6.2 - Cross-Site Request Forgery via User Creation Endpoint
CVSS 6.5
CVE-2019-16059 HIGH
Sentrifugo 3.2 - Cross-Site Request Forgery via index.php/dashboard/viewprofile
CVSS 8.8
CVE-2019-15868 HIGH
WordPress affiliates-manager <2.6.6 - CSRF
CVSS 8.8
CVE-2019-15865 HIGH
breadcrumbs-by-menu < 1.0.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15841 HIGH
Facebook-for-WooCommerce <1.9.15 - CSRF
CVSS 8.8
CVE-2019-15840 HIGH
Facebook-for-WooCommerce <1.9.14 - CSRF
CVSS 8.8
CVE-2019-15835 HIGH
WP Better Permalinks < 3.0.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15834 HIGH
webp-converter-for-media < 1.0.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15832 HIGH
visitor_traffic_real_time_statistics < 1.13 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15831 HIGH
Visitor Traffic Real Time Statistics < 1.12 - Cross-Site Request Forgery in Settings Page
CVSS 8.8
CVE-2019-15828 HIGH
Tribulant One Click SSL < 1.4.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15781 HIGH
facebook-by-weblizar < 2.8.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15779 HIGH
wp_social_feed_gallery < 2.4.8 - Cross-Site Request Forgery via Notice Dismissal and Form Item Deletion
CVSS 8.8
CVE-2019-15770 HIGH
WooCommerce Address Book < 1.6.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15769 HIGH
handl_utm_grabber < 2.6.5 - Cross-Site Request Forgery via add_option and update_option
CVSS 8.8
CVE-2019-10057 MEDIUM
Lexmark CS31X CS41X CX310 MS310 MS312 MS317 MS410 M1140 MS315 MS415 MS417 MX31X XM1135 MS51X MS610DN Firmware CSRF
CVSS 6.5
Details
Vulnerabilities 9,376
Exploit Likelihood Medium