CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,377 vulnerabilities with CWE-352
CVE-2019-7281
HIGH
Prima Systems FlexAir <2.3.38 - CSRF
CVSS 8.8
CVE-2019-12826
HIGH
Widget Logic < 5.10.2 - Cross-Site Request Forgery to Remote Code Execution via Widget Snippet Injection
CVSS 8.8
CVE-2019-5814
MEDIUM
Google Chrome < 74.0.3729.108 - Cross-Site Request Forgery via Crafted HTML Page
CVSS 6.5
CVE-2019-6166
HIGH
Lenovo Service Bridge < 4.1.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-9958
HIGH
Quadbase EspressReport ES <7.0.7 - CSRF
CVSS 8.8
CVE-2019-12836
HIGH
Bobronix JEditor < 3.0.6 - Cross-Site Request Forgery via URL/Link in Issue
CVSS 8.8
CVE-2019-1904
HIGH
Cisco IOS XE - Cross-Site Request Forgery in Web UI
CVSS 8.8
CVE-2019-1874
HIGH
Cisco Prime Service Catalog - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-1632
MEDIUM
Cisco Integrated Management Controller - Authenticated Cross-Site Request Forgery
CVSS 4.6
CVE-2019-4142
HIGH
IBM Cloud Private 2.1.0, 3.1.0-3.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-6325
HIGH
HP T6b80a Firmware < 2019-04-19 - CSRF
CVSS 8.8
CVE-2019-0996
MEDIUM
Azure DevOps Server - Cross-Site Request Forgery via OAuth Application Registration
CVSS 6.5
CVE-2019-3410
MEDIUM
ZTE WF820+ LTE Outdoor CPE Firmware < 1.0.0b06 - Cross-Site Request Forgery
CVSS 4.6
CVE-2019-10338
HIGH
Jenkins JX Resources Plugin < 1.0.36 - Cross-Site Request Forgery via GlobalPluginConfiguration#doValidateClient
CVSS 8.8
CVE-2019-10331
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Cross-Site Request Forgery via Configuration Test Connection
CVSS 4.3
CVE-2019-11517
MEDIUM
WampServer < 3.1.9 - Cross-Site Request Forgery in add_vhost.php
CVSS 6.5
CVE-2019-1881
MEDIUM
Cisco Industrial Network Director - CSRF
CVSS 4.7
CVE-2019-12616
MEDIUM
phpMyAdmin < 4.9.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-9883
HIGH
MailSherlock MSR35 and MSR45 - Cross-Site Request Forgery via useradmin/cf_new.cgi
CVSS 8.8
CVE-2019-9882
HIGH
MailSherlock MSR35 and MSR45 - Cross-Site Request Forgery via user/save_list.php
CVSS 8.8
CVE-2019-10326
MEDIUM
Jenkins Warnings NG Plugin <= 5.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-10324
MEDIUM
Jenkins Artifactory Plugin < 3.2.3 - Cross-Site Request Forgery in Release and Staging Actions
CVSS 6.5
CVE-2019-10321
MEDIUM
Jenkins Artifactory Plugin <= 3.2.2 - Cross-Site Request Forgery via Test Connection
CVSS 4.3
CVE-2019-12502
HIGH
MOBOTIX S14 MX-V4.2.1.61 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2019-12361
MEDIUM
EmpireCMS 7.5.0 - Cross-Site Scripting via from Parameter in Member Action Handler
CVSS 6.1
Details
Vulnerabilities
9,377
Exploit Likelihood
Medium