CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,378 vulnerabilities with CWE-352
CVE-2019-10673
HIGH
Ultimate Member < 2.0.40 - Authenticated Cross-Site Request Forgery in Profile Edit Form
CVSS 8.8
CVE-2019-3876
MEDIUM
OpenShift Container Platform 3.0-3.11 - Cross-Site Request Forgery in OAuth Token Request Endpoint
CVSS 6.3
CVE-2019-10655
CRITICAL
Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 < 1.0.3.219 - Unauthenticated RCE via getlogcat
CVSS 9.8
CVE-2019-10644
HIGH
HYBBS 2.2 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-9604
HIGH
PHP Scripts Mall Online Lottery <1.7.0 - CSRF
CVSS 8.8
CVE-2019-6607
MEDIUM
BIG-IP ASM Stored XSS in ASM Violation View
CVSS 6.8
CVE-2019-1003046
MEDIUM
Jenkins Fortify on Demand Uploader Plugin <3.0.10 - CSRF
CVSS 6.5
CVE-2019-1003044
HIGH
Jenkins Slack Notification Plugin <2.19 - CSRF
CVSS 7.1
CVE-2019-10237
HIGH
S-CMS PHP v1.0 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-3809
MEDIUM
Moodle 3.1.0-3.1.15 - Server-Side Request Forgery via MyBackpack Badge URL
CVSS 6.5
CVE-2019-1764
HIGH
Cisco IP Phone 8800 Series Firmware < 11.0(5) or < 12.5(1)SR1 - Cross-Site Request Forgery
CVSS 8.1
CVE-2019-7440
MEDIUM
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery via Wi-Fi Settings
CVSS 6.5
CVE-2019-7433
HIGH
PHP Scripts Mall Rental Bike Script 2.0.3 - CSRF
CVSS 8.8
CVE-2019-7391
HIGH
ZyXEL VMG3312-B10B DSL-491HUNU-B1B v2 - CSRF
CVSS 8.8
CVE-2019-6967
HIGH
AirTies Air5341 1.0.0.12 - Cross-Site Request Forgery via cgi-bin/login
CVSS 8.8
CVE-2019-6282
HIGH
ChinaMobile GPN2.4P21-C-CN Firmware W2001EN-00 - Cross-Site Request Forgery via Wireless Security Page
CVSS 8.8
CVE-2019-9787
HIGH
WordPress < 5.1.1 - Unauthenticated Remote Code Execution via CSRF and XSS in Comment Handling
CVSS 8.8
CVE-2019-9769
HIGH
PilusCart 1.4.1 - Cross-Site Request Forgery via User Creation Endpoint
CVSS 8.8
CVE-2019-5924
HIGH
Smart Forms < 2.6.15 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-5920
HIGH
FormCraft < 1.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-9688
HIGH
sftnow < 2018-12-29 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-9652
HIGH
SDCMS V1.7 - Cross-Site Request Forgery via Theme Edit Request
CVSS 8.8
CVE-2019-9598
MEDIUM
Cscms 4.1.0 - Cross-Site Request Forgery in Payment Account Update
CVSS 6.5
CVE-2019-8437
HIGH
njiandan-cms <= 2013-05-23 - Cross-Site Request Forgery to Add Administrator
CVSS 8.8
CVE-2019-6710
HIGH
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 - Cross-Site Request Forgery via login.cgi
CVSS 8.8
Details
Vulnerabilities
9,378
Exploit Likelihood
Medium