CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 12 of 286

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47326 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 13, 2023 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. |
| CVE-2023-47322 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 13, 2023 | The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an… |
| CVE-2023-49448 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. |
| CVE-2023-49447 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. |
| CVE-2023-49446 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. |
| CVE-2023-49398 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. |
| CVE-2023-49397 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. |
| CVE-2023-49396 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save. |
| CVE-2023-49395 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update. |
| CVE-2023-49383 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save. |
| CVE-2023-49382 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete. |
| CVE-2023-49381 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update. |
| CVE-2023-49380 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete. |
| CVE-2023-49379 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save. |
| CVE-2023-49378 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save. |
| CVE-2023-49377 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update. |
| CVE-2023-49376 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete. |
| CVE-2023-49375 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update. |
| CVE-2023-49374 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update. |
| CVE-2023-49373 | — | Hig | 0.57 | 8.8 | 0.00 |  | Dec 5, 2023 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. |