VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

Compound · Stable · Likelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 224 of 286
  • CVE-2022-3978 · Med · Nov 13, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is…

  • CVE-2022-3267 · Med · Sep 22, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.

  • CVE-2022-3233 · Med · Sep 21, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.

  • CVE-2022-3232 · Med · Sep 17, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.

  • CVE-2022-36095 · Med · Sep 8, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may…

  • CVE-2022-36887 · Med · Jul 27, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system…

  • CVE-2022-36886 · Med · Jul 27, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.

  • CVE-2022-30946 · Med · May 17, 2022
    risk 0.21 · cvss 4.3 · epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

  • CVE-2022-29048 · Med · Apr 12, 2022
    risk 0.21 · cvss 4.3 · epss 0.02

    A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.

  • CVE-2022-0638 · Med · Feb 17, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0245 · Med · Jan 18, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.

  • CVE-2022-0226 · Med · Jan 14, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2022-20613 · Med · Jan 12, 2022
    risk 0.21 · cvss 4.3 · epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

  • CVE-2022-20612 · Med · Jan 12, 2022
    risk 0.21 · cvss 4.3 · epss 0.02

    A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

  • CVE-2021-4162 · Med · Dec 25, 2021
    risk 0.21 · cvss 4.3 · epss 0.00

    archivy is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4092 · Med · Dec 11, 2021
    risk 0.21 · cvss 4.3 · epss 0.00

    yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4082 · Med · Dec 10, 2021
    risk 0.21 · cvss 4.3 · epss 0.00

    pimcore is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4005 · Med · Dec 4, 2021
    risk 0.21 · cvss 4.3 · epss 0.00

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4015 · Med · Dec 1, 2021
    risk 0.21 · cvss 4.3 · epss 0.00

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3963 · Med · Nov 19, 2021
    risk 0.21 · cvss 4.3 · epss 0.00

    kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)