Weaknesses of type CWE-352
5,688 resultsCVE-2017-20093MEDIUMDownload Manager Plugin cross-site request forgeryEPSS 0.4%CVE-2019-19289—A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack ifEPSS 0.4%CVE-2022-4138MEDIUMA Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7EPSS 0.4%CVE-2020-10771—A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. EPSS 0.4%CVE-2024-1522HIGHCross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webuiEPSS 0.4%CVE-2024-6309HIGHAttachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File UploadEPSS 0.4%CVE-2024-7806HIGHRemote Code Execution by Non-Admin Users via CSRF in open-webui/open-webuiEPSS 0.4%CVE-2021-25108—IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRFEPSS 0.4%CVE-2015-10109MEDIUMVideo Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgeryEPSS 0.4%CVE-2022-36076HIGHAccount takeover via SSO plugins in NodeBBEPSS 0.4%CVE-2022-2245—Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRFEPSS 0.4%CVE-2022-43408MEDIUMJenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proEPSS 0.4%CVE-2022-2381—E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRFEPSS 0.4%CVE-2015-10108MEDIUMmeitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgeryEPSS 0.4%CVE-2017-6038—A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The webEPSS 0.4%CVE-2021-25976HIGHPiranha CMS - Site-wide Cross-Site Request Forgery (CSRF)EPSS 0.4%CVE-2022-43693HIGHConcrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete wEPSS 0.4%CVE-2019-3864MEDIUMA vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameteEPSS 0.4%CVE-2022-0245MEDIUMCross-Site Request Forgery (CSRF) in livehelperchat/livehelperchatEPSS 0.4%CVE-2021-34743MEDIUMCisco Webex Software Application Authorization Bypass VulnerabilityEPSS 0.4%