CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,377 vulnerabilities with CWE-352
CVE-2019-10176 MEDIUM
OpenShift Container Platform 3.11+ - CSRF
CVSS 4.2
CVE-2019-10186 HIGH
moodle < 3.5.7, 3.7.0-3.7.1 - Cross-Site Request Forgery in XML Loading/Unloading Admin Tool
CVSS 8.8
CVE-2019-3959 HIGH
WallacePOS 1.4.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10359 MEDIUM
Jenkins Maven Release Plugin < 0.14.0 - Cross-Site Request Forgery in M2ReleaseAction#doSubmit
CVSS 6.3
CVE-2019-14327 MEDIUM
Custom Simple Rss < 2.0.6 - Cross-Site Request Forgery in Settings Form
CVSS 6.5
CVE-2019-14328 HIGH
WordPress Simple Membership <3.8.5 - CSRF
CVSS 8.8
CVE-2019-14228 MEDIUM
Xavier PHP Management Panel 3.0 - XSS
CVSS 6.1
CVE-2019-4212 HIGH
IBM QRadar SIEM 7.2.0-7.2.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-11712 HIGH
Firefox ESR < 60.8 & Firefox < 68 & Thunderbird < 60.8 - CSRF
CVSS 8.8
CVE-2019-14240 HIGH
WCMS 0.3.2 - Cross-Site Request Forgery and Path Traversal via /wex/html.php
CVSS 8.1
CVE-2019-12934 HIGH
wp-code-highlightjs < 0.6.2 - Cross-Site Request Forgery via hljs_additional_css Parameter
CVSS 8.8
CVE-2019-13974 HIGH
LayerBB 1.1.3 - Cross-Site Request Forgery via conversations.php/cmd/new
CVSS 8.8
CVE-2019-7953 MEDIUM
Adobe Experience Manager <6.4 - CSRF
CVSS 6.5
CVE-2019-13961 HIGH
flatcore < 1.5 - Cross-Site Request Forgery via File Upload
CVSS 8.8
CVE-2019-1010112 HIGH
OECMS >= 4.3 - Cross-Site Request Forgery via admincp.php
CVSS 8.8
CVE-2019-9231 HIGH
AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR, 800C-MSBR < 7.20A.202.307 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-13949 HIGH
SyGuestBook A5 1.2 - Cross-Site Request Forgery via Password Change
CVSS 8.8
CVE-2019-1010096 HIGH
DomainMOD 4.10.0 - Cross-Site Request Forgery in User Role Update
CVSS 8.8
CVE-2019-1010095 HIGH
DomainMOD 4.10.0 - Cross-Site Request Forgery in Admin User Addition
CVSS 8.8
CVE-2019-1010094 HIGH
domainmod 4.10.0 - Cross-Site Request Forgery in Password and User Management
CVSS 8.8
CVE-2019-1010054 HIGH
Dolibarr 7.0.0 - Cross-Site Request Forgery in User Management Functions
CVSS 8.8
CVE-2019-10353 HIGH
Jenkins < 2.176.1 and < 2.185 - Cross-Site Request Forgery via Non-Expiring Tokens
CVSS 7.5
CVE-2019-13611 HIGH
python-engineio < 3.8.2 - Cross-Site WebSocket Hijacking via Origin Header
CVSS 8.8
CVE-2019-13594 HIGH
Mirumee Saleor 2.7.0 - Cross-Site Request Forgery via Missing CSRF Token Validation
CVSS 8.8
CVE-2019-13563 HIGH
D-Link DIR-655 C <3.02B05 BETA03 - CSRF
CVSS 8.8
Details
Vulnerabilities 9,377
Exploit Likelihood Medium