CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-15496 HIGH
MyT Project Management 1.5.1 - Cross-Site Request Forgery via User Creation
CVSS 8.8
CVE-2019-10384 HIGH
Jenkins < 2.176.3 - Cross-Site Request Forgery via Non-Expiring CSRF Tokens
CVSS 8.8
CVE-2019-11457 HIGH
MicroPyramid Django CRM 0.2.1 - CSRF
CVSS 8.8
CVE-2019-15660 HIGH
WP-Members < 3.2.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15648 MEDIUM
insert-or-embed-articulate-content-into-wordpress < 4.29991 - Unauthenticated Path Traversal
CVSS 6.5
CVE-2019-15645 HIGH
Zoho SalesIQ < 1.0.9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15515 MEDIUM
Discourse 2.3.2 - Cross-Site Request Forgery via Query String Token
CVSS 6.5
CVE-2019-8447 MEDIUM
Jira Server 7.13.0-8.3.1 - Cross-Site Request Forgery via ServiceExecutor Resource
CVSS 4.3
CVE-2019-14999 MEDIUM
Atlassian Universal Plugin Manager <2.22.19, 3.0.0-3.0.3, 4.0.0-4.0.3 CSRF via Uninstall REST Endpoint
CVSS 4.3
CVE-2019-11588 MEDIUM
Jira <7.13.6, <8.0.0-<8.2.3, <8.3.0-<8.3.2 - CSRF
CVSS 4.3
CVE-2019-11587 MEDIUM
Jira <7.13.6, <8.0.0-<8.2.3, <8.3.0-<8.3.2 - CSRF
CVSS 6.5
CVE-2019-11586 MEDIUM
Jira <7.13.6, <8.0.0-<8.2.3, <8.3.0-<8.3.2 - CSRF
CVSS 4.3
CVE-2019-15491 HIGH
openITCOCKPIT < 3.7.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15329 HIGH
import_users_from_csv_with_meta < 1.14.0.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-13477 HIGH
Webpanel - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-12624 HIGH
Cisco IOS XE 3.0.xe-3.11.xe - Cross-Site Request Forgery in Web-Based Management Interface
CVSS 8.8
CVE-2019-4167 MEDIUM
IBM StoredIQ 7.6.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-4117 HIGH
IBM Cloud Private 3.1.1-3.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15238 HIGH
Cformsii < 15.0.2 - CSRF
CVSS 8.8
CVE-2019-15229 HIGH
FUEL CMS < 1.4.4 - Cross-Site Request Forgery in Admin Console Blocks Creation
CVSS 8.8
CVE-2019-15150 HIGH
mw-oauth2client < 0.4 - Cross-Site Request Forgery via OAuth2 State Parameter
CVSS 8.8
CVE-2019-15115 HIGH
loginwp < 2.9.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15114 HIGH
formcraft-form-builder < 1.2.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-15113 HIGH
companion_sitemap_generator < 3.7.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-13516 HIGH
OSIsoft PI Web API < 2018 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,376
Exploit Likelihood Medium