CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,378 vulnerabilities with CWE-352
CVE-2019-10673 HIGH
Ultimate Member < 2.0.40 - Authenticated Cross-Site Request Forgery in Profile Edit Form
CVSS 8.8
CVE-2019-3876 MEDIUM
OpenShift Container Platform 3.0-3.11 - Cross-Site Request Forgery in OAuth Token Request Endpoint
CVSS 6.3
CVE-2019-10655 CRITICAL
Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 < 1.0.3.219 - Unauthenticated RCE via getlogcat
CVSS 9.8
CVE-2019-10644 HIGH
HYBBS 2.2 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-9604 HIGH
PHP Scripts Mall Online Lottery <1.7.0 - CSRF
CVSS 8.8
CVE-2019-6607 MEDIUM
BIG-IP ASM Stored XSS in ASM Violation View
CVSS 6.8
CVE-2019-1003046 MEDIUM
Jenkins Fortify on Demand Uploader Plugin <3.0.10 - CSRF
CVSS 6.5
CVE-2019-1003044 HIGH
Jenkins Slack Notification Plugin <2.19 - CSRF
CVSS 7.1
CVE-2019-10237 HIGH
S-CMS PHP v1.0 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-3809 MEDIUM
Moodle 3.1.0-3.1.15 - Server-Side Request Forgery via MyBackpack Badge URL
CVSS 6.5
CVE-2019-1764 HIGH
Cisco IP Phone 8800 Series Firmware < 11.0(5) or < 12.5(1)SR1 - Cross-Site Request Forgery
CVSS 8.1
CVE-2019-7440 MEDIUM
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery via Wi-Fi Settings
CVSS 6.5
CVE-2019-7433 HIGH
PHP Scripts Mall Rental Bike Script 2.0.3 - CSRF
CVSS 8.8
CVE-2019-7391 HIGH
ZyXEL VMG3312-B10B DSL-491HUNU-B1B v2 - CSRF
CVSS 8.8
CVE-2019-6967 HIGH
AirTies Air5341 1.0.0.12 - Cross-Site Request Forgery via cgi-bin/login
CVSS 8.8
CVE-2019-6282 HIGH
ChinaMobile GPN2.4P21-C-CN Firmware W2001EN-00 - Cross-Site Request Forgery via Wireless Security Page
CVSS 8.8
CVE-2019-9787 HIGH
WordPress < 5.1.1 - Unauthenticated Remote Code Execution via CSRF and XSS in Comment Handling
CVSS 8.8
CVE-2019-9769 HIGH
PilusCart 1.4.1 - Cross-Site Request Forgery via User Creation Endpoint
CVSS 8.8
CVE-2019-5924 HIGH
Smart Forms < 2.6.15 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5920 HIGH
FormCraft < 1.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-9688 HIGH
sftnow < 2018-12-29 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-9652 HIGH
SDCMS V1.7 - Cross-Site Request Forgery via Theme Edit Request
CVSS 8.8
CVE-2019-9598 MEDIUM
Cscms 4.1.0 - Cross-Site Request Forgery in Payment Account Update
CVSS 6.5
CVE-2019-8437 HIGH
njiandan-cms <= 2013-05-23 - Cross-Site Request Forgery to Add Administrator
CVSS 8.8
CVE-2019-6710 HIGH
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 - Cross-Site Request Forgery via login.cgi
CVSS 8.8
Details
Vulnerabilities 9,378
Exploit Likelihood Medium