CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,377 vulnerabilities with CWE-352
CVE-2019-10847 HIGH
Computrols CBAS < 19.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-12253 MEDIUM
my little forum < 2.4.20 - Cross-Site Request Forgery via Post Deletion
CVSS 6.5
CVE-2019-12239 HIGH
WP Booking System < 1.5.2 - Cross-Site Request Forgery
CVSS 7.2
CVE-2019-11886 HIGH
WaspThemes Visual CSS Style Editor <7.2.1 - CSRF
CVSS 8.8
CVE-2019-7746 HIGH
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 - Info Disclosure
CVSS 8.1
CVE-2019-11569 HIGH
Veeam ONE Reporter <9.5.0.3201 - CSRF
CVSS 8.8
CVE-2019-5431 MEDIUM
Twitter Kit for iOS <3.4.0 - Callback Verification Flaw
CVSS 5.4
CVE-2019-5430 HIGH
UniFi Video < 3.10.0 - Cross-Site Request Forgery via Web API
CVSS 8.8
CVE-2019-1857 MEDIUM
Cisco HyperFlex HX-Series - Unauthenticated Cross-Site Request Forgery
CVSS 6.1
CVE-2019-1713 HIGH
Cisco Adaptive Security Appliance Software < 9.4.4.34 and 9.5-9.6.4.25 - Cross-Site Request Forgery
CVSS 8.1
CVE-2019-11617 HIGH
doorgets_cms 7.0 - Cross-Site Request Forgery in User Configuration Request
CVSS 8.8
CVE-2019-11193 MEDIUM
DirectAdmin < 1.561 - Cross-Site Scripting via FileManager CMD_FILE_MANAGER Parameter
CVSS 6.1
CVE-2019-10315 HIGH
Jenkins GitHub Authentication Plugin < 0.31 - Cross-Site Request Forgery via OAuth State Parameter
CVSS 8.8
CVE-2019-10310 HIGH
Jenkins Ansible Tower Plugin < 0.9.1 - Cross-Site Request Forgery via TowerInstallation Connection Test
CVSS 8.8
CVE-2019-10307 MEDIUM
Jenkins Static Analysis Utilities Plugin < 1.95 - Cross-Site Request Forgery via DefaultGraphConfigurationView#doSave
CVSS 6.5
CVE-2019-11591 HIGH
WebDorado Contact Form <1.13.5 - CSRF
CVSS 8.8
CVE-2019-11590 HIGH
10Web Form Maker < 1.13.5 - Cross-Site Request Forgery and Local File Inclusion via Admin-Ajax Action Parameter
CVSS 8.8
CVE-2019-11557 HIGH
WebDorado Contact Form Builder <1.0.69 - CSRF
CVSS 8.8
CVE-2019-8991 HIGH
TIBCO ActiveMatrix BPM <= 4.2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-11203 MEDIUM
TIBCO ActiveMatrix BPM and Silver Fabric Enabler <= 4.2.0 - Cross-Site Request Forgery
CVSS 6.1
CVE-2019-11456 HIGH
Gila CMS 1.10.1 - Cross-Site Request Forgery via fm/save Endpoint
CVSS 8.8
CVE-2019-11416 HIGH
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery via v1/system/user
CVSS 8.8
CVE-2019-11375 MEDIUM
Msvod v10 - Cross-Site Request Forgery via admin/member/edit.html
CVSS 6.5
CVE-2019-11374 HIGH
74cms 5.0.1 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-3718 HIGH
Dell SupportAssist < 3.2.0.90 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,377
Exploit Likelihood Medium