VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 135 of 286
  • CVE-2022-40219MedSep 21, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.

  • CVE-2022-3017MedAug 28, 2022
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.

  • CVE-2016-3098MedAug 5, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.

  • CVE-2022-2224MedJul 18, 2022
    risk 0.35cvss 5.4epss 0.00

    The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated…

  • CVE-2022-2223MedJul 18, 2022
    risk 0.35cvss 5.4epss 0.00

    The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to…

  • CVE-2022-30953MedMay 17, 2022
    risk 0.35cvss 6.5epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

  • CVE-2020-13674MedFeb 11, 2022
    risk 0.35cvss 6.5epss 0.00

    The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is…

  • CVE-2022-0505MedFeb 8, 2022
    risk 0.35cvss 6.5epss 0.01

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0231MedJan 14, 2022
    risk 0.35cvss 6.5epss 0.01

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4123MedDec 16, 2021
    risk 0.35cvss 6.5epss 0.00

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4033MedDec 9, 2021
    risk 0.35cvss 6.5epss 0.01

    kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4049MedDec 7, 2021
    risk 0.35cvss 6.5epss 0.00

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3993MedDec 1, 2021
    risk 0.35cvss 6.5epss 0.01

    showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3976MedNov 19, 2021
    risk 0.35cvss 6.5epss 0.00

    kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3683MedNov 13, 2021
    risk 0.35cvss 6.5epss 0.00

    showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3900MedOct 27, 2021
    risk 0.35cvss 6.5epss 0.01

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3730MedAug 23, 2021
    risk 0.35cvss 6.5epss 0.00

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3728MedAug 23, 2021
    risk 0.35cvss 6.5epss 0.01

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2020-18151MedJul 14, 2021
    risk 0.35cvss 6.5epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.

  • CVE-2021-28055MedApr 15, 2021
    risk 0.35cvss 6.5epss 0.01

    An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.