CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 135 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-40219 | Med | 0.35 | 5.4 | 0.00 | Sep 21, 2022 | Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | ||
| CVE-2022-3017 | Med | 0.35 | 6.5 | 0.00 | Aug 28, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | ||
| CVE-2016-3098 | — | Med | 0.35 | 5.4 | 0.00 | Aug 5, 2022 | Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. | |
| CVE-2022-2224 | Med | 0.35 | 5.4 | 0.00 | Jul 18, 2022 | The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated… | ||
| CVE-2022-2223 | Med | 0.35 | 5.4 | 0.00 | Jul 18, 2022 | The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to… | ||
| CVE-2022-30953 | Med | 0.35 | 6.5 | 0.01 | May 17, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | ||
| CVE-2020-13674 | — | Med | 0.35 | 6.5 | 0.00 | Feb 11, 2022 | The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is… | |
| CVE-2022-0505 | Med | 0.35 | 6.5 | 0.01 | Feb 8, 2022 | Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | ||
| CVE-2022-0231 | Med | 0.35 | 6.5 | 0.01 | Jan 14, 2022 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2021-4123 | Med | 0.35 | 6.5 | 0.00 | Dec 16, 2021 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2021-4033 | — | Med | 0.35 | 6.5 | 0.01 | Dec 9, 2021 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | |
| CVE-2021-4049 | Med | 0.35 | 6.5 | 0.00 | Dec 7, 2021 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2021-3993 | — | Med | 0.35 | 6.5 | 0.01 | Dec 1, 2021 | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |
| CVE-2021-3976 | — | Med | 0.35 | 6.5 | 0.00 | Nov 19, 2021 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | |
| CVE-2021-3683 | — | Med | 0.35 | 6.5 | 0.00 | Nov 13, 2021 | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |
| CVE-2021-3900 | Med | 0.35 | 6.5 | 0.01 | Oct 27, 2021 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2021-3730 | Med | 0.35 | 6.5 | 0.00 | Aug 23, 2021 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2021-3728 | Med | 0.35 | 6.5 | 0.01 | Aug 23, 2021 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2020-18151 | — | Med | 0.35 | 6.5 | 0.00 | Jul 14, 2021 | Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | |
| CVE-2021-28055 | — | Med | 0.35 | 6.5 | 0.01 | Apr 15, 2021 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. |
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
- risk 0.35cvss 5.4epss 0.00
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
- risk 0.35cvss 5.4epss 0.00
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated…
- risk 0.35cvss 5.4epss 0.00
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to…
- risk 0.35cvss 6.5epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
- risk 0.35cvss 6.5epss 0.00
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is…
- risk 0.35cvss 6.5epss 0.01
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
- risk 0.35cvss 6.5epss 0.01
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.00
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.01
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.00
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.01
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.00
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.00
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.01
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.00
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.01
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
- risk 0.35cvss 6.5epss 0.00
Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.
- risk 0.35cvss 6.5epss 0.01
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.