CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,377 vulnerabilities with CWE-352
CVE-2019-12363 HIGH
mybb-2fa < 2014-11-05 - Cross-Site Request Forgery via usercp.php
CVSS 8.8
CVE-2019-10340 HIGH
Jenkins Docker Plugin < 1.1.6 - Cross-Site Request Forgery via Test Connection
CVSS 8.8
CVE-2019-12466 HIGH
MediaWiki < 1.32.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-13071 HIGH
CyberPower PowerPanel Business Edition 3.4.0 - Cross-Site Request Forgery in Agent/Center Component
CVSS 8.8
CVE-2019-12923 MEDIUM
MailEnable 6.0-<6.90 - Cross-Site Request Forgery via Anti-CSRF Token Removal
CVSS 6.5
CVE-2019-13401 HIGH
Fortinet FCM-MB40 1.2.0.0 - Cross-Site Request Forgery in cgi-bin Scripts
CVSS 8.8
CVE-2019-13183 HIGH
Flarum < 0.1.0-beta.9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-13370 HIGH
ignitedcms < 2017-02-19 - Cross-Site Request Forgery in Admin Permissions
CVSS 8.8
CVE-2019-5984 HIGH
Custom CSS Pro < 1.0.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5983 HIGH
HTML5 Maps < 1.6.5.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5980 HIGH
Related YouTube Videos < 1.9.9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5979 HIGH
Personalized WooCommerce Cart Page < 2.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5974 HIGH
Contest Gallery < 10.4.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5973 HIGH
Online Lesson Booking < 0.8.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5971 HIGH
attendance_manager <= 0.5.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5968 HIGH
GROWI < 3.4.6 - Cross-Site Request Forgery via User Basic Info Update
CVSS 8.8
CVE-2019-5963 HIGH
Zoho SalesIQ < 1.0.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5960 HIGH
WP Open Graph < 1.6.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-6636 HIGH
BIG-IP AFM and ASM 12.0.0-12.1.4 - Stored Cross-Site Scripting in AFM Feed List
CVSS 8.4
CVE-2019-12851 HIGH
JetBrains YouTrack < 2018.4.49852 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5630 MEDIUM
Rapid7 Nexpose 6.5.0-6.5.68 - Cross-Site Request Forgery via Flash Pre-Flight Bypass
CVSS 5.9
CVE-2019-7262 HIGH
Linear eMerge Essential and Elite Firmware < 1.00-06 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-7270 HIGH
Linear eMerge 50P/5000P Firmware < 4.6.07 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-13056 HIGH
CyberPanel < 1.8.4 - Cross-Site Request Forgery on User Edit Page
CVSS 8.8
CVE-2019-7273 HIGH
Optergy Enterprise and Proton < 2.3.0a - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,377
Exploit Likelihood Medium