CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally submitted by the user who sent it; the request could therefore have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
Page 224 of 286

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3978 | — | Med | 0.21 | 4.3 | 0.00 | | Nov 13, 2022 | A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is… |
| CVE-2022-3267 | — | Med | 0.21 | 4.3 | 0.00 | | Sep 22, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. |
| CVE-2022-3233 | — | Med | 0.21 | 4.3 | 0.00 | | Sep 21, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. |
| CVE-2022-3232 | — | Med | 0.21 | 4.3 | 0.00 | | Sep 17, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. |
| CVE-2022-36095 | — | Med | 0.21 | 4.3 | 0.00 | | Sep 8, 2022 | XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may… |
| CVE-2022-36887 | — | Med | 0.21 | 4.3 | 0.00 | | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system… |
| CVE-2022-36886 | — | Med | 0.21 | 4.3 | 0.00 | | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. |
| CVE-2022-30946 | — | Med | 0.21 | 4.3 | 0.01 | | May 17, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. |
| CVE-2022-29048 | — | Med | 0.21 | 4.3 | 0.02 | | Apr 12, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2022-0638 | — | Med | 0.21 | 4.3 | 0.00 | | Feb 17, 2022 | Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0245 | — | Med | 0.21 | 4.3 | 0.00 | | Jan 18, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0. |
| CVE-2022-0226 | — | Med | 0.21 | 4.3 | 0.00 | | Jan 14, 2022 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2022-20613 | — | Med | 0.21 | 4.3 | 0.01 | | Jan 12, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2022-20612 | — | Med | 0.21 | 4.3 | 0.02 | | Jan 12, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. |
| CVE-2021-4162 | — | Med | 0.21 | 4.3 | 0.00 | | Dec 25, 2021 | archivy is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4092 | — | Med | 0.21 | 4.3 | 0.00 | | Dec 11, 2021 | yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4082 | — | Med | 0.21 | 4.3 | 0.00 | | Dec 10, 2021 | pimcore is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4005 | — | Med | 0.21 | 4.3 | 0.00 | | Dec 4, 2021 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4015 | — | Med | 0.21 | 4.3 | 0.00 | | Dec 1, 2021 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3963 | — | Med | 0.21 | 4.3 | 0.00 | | Nov 19, 2021 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |