CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,378 vulnerabilities with CWE-352
CVE-2019-3718 HIGH
Dell SupportAssist < 3.2.0.90 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10304 MEDIUM
Jenkins XebiaLabs XL Deploy Plugin < 7.5.3 - Cross-Site Request Forgery via Credential Form Validation
CVSS 6.5
CVE-2019-10300 HIGH
Jenkins GitLab Plugin < 1.5.11 - Cross-Site Request Forgery via Test Connection Form
CVSS 8.0
CVE-2019-1797 HIGH
Cisco Wireless LAN Controller Software < 8.3.150.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-1722 MEDIUM
Cisco Expressway Series and TelePresence VCS < X12.5.1 - CSRF in FindMe Feature
CVSS 6.5
CVE-2019-10642 HIGH
Contao 4.7.0-4.7.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-9176 MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-11078 HIGH
MKCMS V5.0 - Cross-Site Request Forgery via ucenter/userinfo.php URI
CVSS 8.8
CVE-2019-11077 HIGH
FastAdmin V1.0.0.20190111_beta - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-0229 HIGH
Apache Airflow < 1.10.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-10888 HIGH
UKcms 1.1.10 - Cross-Site Request Forgery via Admin Role Addition
CVSS 8.8
CVE-2019-10874 HIGH
Bolt CMS 3.6.6 - Cross-Site Request Forgery to Remote Code Execution via File Upload
CVSS 8.8
CVE-2019-10292 MEDIUM
Jenkins Kmap Plugin - Cross-Site Request Forgery via Form Validation
CVSS 6.5
CVE-2019-10289 MEDIUM
Jenkins Netsparker Cloud Scan < 1.1.5 - Cross-Site Request Forgery via API Validation Method
CVSS 6.5
CVE-2019-10278 MEDIUM
Jenkins Reviewbot Plugin - Cross-Site Request Forgery via Test Connection Form
CVSS 6.5
CVE-2019-1003098 MEDIUM
Jenkins openid Plugin < 2.4 - Cross-Site Request Forgery via Form Validation Method
CVSS 6.5
CVE-2019-1003092 MEDIUM
Jenkins Nomad Plugin < 0.5.1 - Cross-Site Request Forgery via Test Connection Form
CVSS 6.5
CVE-2019-1003090 MEDIUM
Jenkins SOASTA CloudTest Plugin - CSRF
CVSS 6.5
CVE-2019-1003086 MEDIUM
Jenkins Chef Sinatra Plugin - Cross-Site Request Forgery via Connection Test Form
CVSS 6.5
CVE-2019-1003084 MEDIUM
Jenkins Zephyr Enterprise Test Management Plugin - CSRF
CVSS 6.5
CVE-2019-1003082 MEDIUM
Jenkins Gearman Plugin < 0.4.0 - Cross-Site Request Forgery via Test Connection Form
CVSS 6.5
CVE-2019-1003080 MEDIUM
Jenkins OpenShift Deployer Plugin - CSRF
CVSS 6.5
CVE-2019-1003078 MEDIUM
Jenkins VMware Lab Manager Slaves Plugin - CSRF
CVSS 6.5
CVE-2019-1003076 MEDIUM
Jenkins Audit to Database Plugin - CSRF
CVSS 6.5
CVE-2019-1003058 MEDIUM
Jenkins FTP Publisher Plugin - Cross-Site Request Forgery via doLoginCheck Method
CVSS 6.5
Details
Vulnerabilities 9,378
Exploit Likelihood Medium