VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

Compound · Stable · Likelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 12 of 286
  • CVE-2023-47326 · High · Dec 13, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.

  • CVE-2023-47322 · High · Dec 13, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an…

  • CVE-2023-49448 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.

  • CVE-2023-49447 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.

  • CVE-2023-49446 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.

  • CVE-2023-49398 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.

  • CVE-2023-49397 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

  • CVE-2023-49396 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.

  • CVE-2023-49395 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.

  • CVE-2023-49383 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.

  • CVE-2023-49382 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.

  • CVE-2023-49381 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.

  • CVE-2023-49380 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.

  • CVE-2023-49379 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.

  • CVE-2023-49378 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.

  • CVE-2023-49377 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.

  • CVE-2023-49376 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.

  • CVE-2023-49375 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.

  • CVE-2023-49374 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.

  • CVE-2023-49373 · High · Dec 5, 2023
    risk 0.57 · cvss 8.8 · epss 0.00

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/delete.