CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,377 vulnerabilities with CWE-352
CVE-2019-7281 HIGH
Prima Systems FlexAir <2.3.38 - CSRF
CVSS 8.8
CVE-2019-12826 HIGH
Widget Logic < 5.10.2 - Cross-Site Request Forgery to Remote Code Execution via Widget Snippet Injection
CVSS 8.8
CVE-2019-5814 MEDIUM
Google Chrome < 74.0.3729.108 - Cross-Site Request Forgery via Crafted HTML Page
CVSS 6.5
CVE-2019-6166 HIGH
Lenovo Service Bridge < 4.1.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-9958 HIGH
Quadbase EspressReport ES <7.0.7 - CSRF
CVSS 8.8
CVE-2019-12836 HIGH
Bobronix JEditor < 3.0.6 - Cross-Site Request Forgery via URL/Link in Issue
CVSS 8.8
CVE-2019-1904 HIGH
Cisco IOS XE - Cross-Site Request Forgery in Web UI
CVSS 8.8
CVE-2019-1874 HIGH
Cisco Prime Service Catalog - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-1632 MEDIUM
Cisco Integrated Management Controller - Authenticated Cross-Site Request Forgery
CVSS 4.6
CVE-2019-4142 HIGH
IBM Cloud Private 2.1.0, 3.1.0-3.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-6325 HIGH
HP T6b80a Firmware < 2019-04-19 - CSRF
CVSS 8.8
CVE-2019-0996 MEDIUM
Azure DevOps Server - Cross-Site Request Forgery via OAuth Application Registration
CVSS 6.5
CVE-2019-3410 MEDIUM
ZTE WF820+ LTE Outdoor CPE Firmware < 1.0.0b06 - Cross-Site Request Forgery
CVSS 4.6
CVE-2019-10338 HIGH
Jenkins JX Resources Plugin < 1.0.36 - Cross-Site Request Forgery via GlobalPluginConfiguration#doValidateClient
CVSS 8.8
CVE-2019-10331 MEDIUM
Jenkins ElectricFlow < 1.1.5 - Cross-Site Request Forgery via Configuration Test Connection
CVSS 4.3
CVE-2019-11517 MEDIUM
WampServer < 3.1.9 - Cross-Site Request Forgery in add_vhost.php
CVSS 6.5
CVE-2019-1881 MEDIUM
Cisco Industrial Network Director - CSRF
CVSS 4.7
CVE-2019-12616 MEDIUM
phpMyAdmin < 4.9.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-9883 HIGH
MailSherlock MSR35 and MSR45 - Cross-Site Request Forgery via useradmin/cf_new.cgi
CVSS 8.8
CVE-2019-9882 HIGH
MailSherlock MSR35 and MSR45 - Cross-Site Request Forgery via user/save_list.php
CVSS 8.8
CVE-2019-10326 MEDIUM
Jenkins Warnings NG Plugin <= 5.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-10324 MEDIUM
Jenkins Artifactory Plugin < 3.2.3 - Cross-Site Request Forgery in Release and Staging Actions
CVSS 6.5
CVE-2019-10321 MEDIUM
Jenkins Artifactory Plugin <= 3.2.2 - Cross-Site Request Forgery via Test Connection
CVSS 4.3
CVE-2019-12502 HIGH
MOBOTIX S14 MX-V4.2.1.61 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2019-12361 MEDIUM
EmpireCMS 7.5.0 - Cross-Site Scripting via from Parameter in Member Action Handler
CVSS 6.1
Details
Vulnerabilities 9,377
Exploit Likelihood Medium