CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,378 vulnerabilities with CWE-352
CVE-2019-1003010 MEDIUM
Jenkins Git Plugin < 3.9.1 - Cross-Site Request Forgery in GitTagAction
CVSS 4.3
CVE-2019-1003008 HIGH
Jenkins Warnings Next Gen <2.1.1 - CSRF
CVSS 8.8
CVE-2019-1003007 HIGH
Jenkins Warnings Plugin <5.0.0 - CSRF
CVSS 8.8
CVE-2019-7402 MEDIUM
PHPMyWind 5.5 - Cross-Site Scripting in GetQQ Function via cfg_qqcode Parameter
CVSS 6.1
CVE-2019-1000022 HIGH
taoensso/sente < 1.14.0 - Cross-Site Request Forgery via WebSocket Handshake Endpoint
CVSS 8.8
CVE-2019-1000003 HIGH
MapSVG Lite 3.2.3 - Cross-Site Request Forgery via mapsvg_save REST Endpoint
CVSS 8.8
CVE-2019-7346 HIGH
ZoneMinder <= 1.32.3 - Cross-Site Request Forgery via Failed Request Retry
CVSS 8.8
CVE-2019-3604 MEDIUM
McAfee ePO (legacy) Cloud - Cross-Site Request Forgery
CVSS 4.8
CVE-2019-6779 HIGH
cscms 4.1.8 - Cross-Site Request Forgery via Admin Links Save Endpoint
CVSS 8.1
CVE-2019-1658 MEDIUM
Cisco Unified Intelligence Center - Cross-Site Request Forgery
CVSS 4.7
CVE-2019-6510 HIGH
creditease-sec insight < 2018-09-11 - Cross-Site Request Forgery in user_delete
CVSS 8.8
CVE-2019-6509 HIGH
creditease-sec insight < 2018-09-11 - Cross-Site Request Forgery in depart_delete
CVSS 8.8
CVE-2019-6508 HIGH
creditease-sec insight < 2018-09-11 - Cross-Site Request Forgery in role_perm_delete
CVSS 8.8
CVE-2019-6507 HIGH
creditease-sec insight < 2018-09-11 - Cross-Site Request Forgery in login_user_delete
CVSS 8.8
CVE-2019-6294 HIGH
EasyCMS 1.5 - Cross-Site Request Forgery via Article Insertion Endpoint
CVSS 8.8
CVE-2019-6249 HIGH
HuCart 5.7.4 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2019-6244 HIGH
UsualToolCMS 8.0 - Cross-Site Request Forgery via a_sqlbackx.php
CVSS 8.8
CVE-2018-25435 MEDIUM
ZeusCart 4.0 - Cross-Site Request Forgery via regstatus Endpoint
CVSS 5.3
CVE-2018-25397 MEDIUM
PHP-SHOP 1.0 Cross-Site Request Forgery via users.php
CVSS 5.3
CVE-2018-25387 MEDIUM
HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php
CVSS 5.3
CVE-2018-25370 MEDIUM
Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php
CVSS 5.3
CVE-2018-25363 MEDIUM
Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php
CVSS 4.3
CVE-2018-25354 MEDIUM
Joomla Component jomres 9.11.2 Cross-Site Request Forgery
CVSS 4.3
CVE-2018-25343 MEDIUM
Smartshop 1 Cross-Site Request Forgery via editprofile.php
CVSS 4.3
CVE-2018-25337 MEDIUM
Joomla JoomOCShop 1.0 Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities 9,378
Exploit Likelihood Medium