CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,377 vulnerabilities with CWE-352
CVE-2019-10176
MEDIUM
OpenShift Container Platform 3.11+ - CSRF
CVSS 4.2
CVE-2019-10186
HIGH
moodle < 3.5.7, 3.7.0-3.7.1 - Cross-Site Request Forgery in XML Loading/Unloading Admin Tool
CVSS 8.8
CVE-2019-3959
HIGH
WallacePOS 1.4.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10359
MEDIUM
Jenkins Maven Release Plugin < 0.14.0 - Cross-Site Request Forgery in M2ReleaseAction#doSubmit
CVSS 6.3
CVE-2019-14327
MEDIUM
Custom Simple Rss < 2.0.6 - Cross-Site Request Forgery in Settings Form
CVSS 6.5
CVE-2019-14328
HIGH
WordPress Simple Membership <3.8.5 - CSRF
CVSS 8.8
CVE-2019-14228
MEDIUM
Xavier PHP Management Panel 3.0 - XSS
CVSS 6.1
CVE-2019-4212
HIGH
IBM QRadar SIEM 7.2.0-7.2.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-11712
HIGH
Firefox ESR < 60.8 & Firefox < 68 & Thunderbird < 60.8 - CSRF
CVSS 8.8
CVE-2019-14240
HIGH
WCMS 0.3.2 - Cross-Site Request Forgery and Path Traversal via /wex/html.php
CVSS 8.1
CVE-2019-12934
HIGH
wp-code-highlightjs < 0.6.2 - Cross-Site Request Forgery via hljs_additional_css Parameter
CVSS 8.8
CVE-2019-13974
HIGH
LayerBB 1.1.3 - Cross-Site Request Forgery via conversations.php/cmd/new
CVSS 8.8
CVE-2019-7953
MEDIUM
Adobe Experience Manager <6.4 - CSRF
CVSS 6.5
CVE-2019-13961
HIGH
flatcore < 1.5 - Cross-Site Request Forgery via File Upload
CVSS 8.8
CVE-2019-1010112
HIGH
OECMS >= 4.3 - Cross-Site Request Forgery via admincp.php
CVSS 8.8
CVE-2019-9231
HIGH
AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR, 800C-MSBR < 7.20A.202.307 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-13949
HIGH
SyGuestBook A5 1.2 - Cross-Site Request Forgery via Password Change
CVSS 8.8
CVE-2019-1010096
HIGH
DomainMOD 4.10.0 - Cross-Site Request Forgery in User Role Update
CVSS 8.8
CVE-2019-1010095
HIGH
DomainMOD 4.10.0 - Cross-Site Request Forgery in Admin User Addition
CVSS 8.8
CVE-2019-1010094
HIGH
domainmod 4.10.0 - Cross-Site Request Forgery in Password and User Management
CVSS 8.8
CVE-2019-1010054
HIGH
Dolibarr 7.0.0 - Cross-Site Request Forgery in User Management Functions
CVSS 8.8
CVE-2019-10353
HIGH
Jenkins < 2.176.1 and < 2.185 - Cross-Site Request Forgery via Non-Expiring Tokens
CVSS 7.5
CVE-2019-13611
HIGH
python-engineio < 3.8.2 - Cross-Site WebSocket Hijacking via Origin Header
CVSS 8.8
CVE-2019-13594
HIGH
Mirumee Saleor 2.7.0 - Cross-Site Request Forgery via Missing CSRF Token Validation
CVSS 8.8
CVE-2019-13563
HIGH
D-Link DIR-655 C <3.02B05 BETA03 - CSRF
CVSS 8.8
Details
Vulnerabilities
9,377
Exploit Likelihood
Medium