Weaknesses of type CWE-352
5,677 results

CVE-2023-23897 | MEDIUM | WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 1.7%
CVE-2024-50858 | HIGH | Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's b | EPSS 1.7%
CVE-2021-21027 | MEDIUM | Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification | EPSS 1.7%
CVE-2024-56901 | HIGH | A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers t | EPSS 1.7%
CVE-2015-9284 | — | The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on | EPSS 1.6%
CVE-2021-39864 | MEDIUM | Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition | EPSS 1.6%
CVE-2022-41924 | CRITICAL | Tailscale Windows daemon is vulnerable to RCE via CSRF | EPSS 1.6%
CVE-2020-8167 | — | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | EPSS 1.5%
CVE-2022-29468 | HIGH | A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP reques | EPSS 1.4%
CVE-2017-2682 | — | The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request | EPSS 1.4%
CVE-2020-36836 | HIGH | WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion | EPSS 1.4%
CVE-2024-0590 | MEDIUM | Microsoft Clarity <= 0.9.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | EPSS 1.3%
CVE-2019-1881 | MEDIUM | Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability | EPSS 1.3%
CVE-2018-1098 | — | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to | EPSS 1.3%
CVE-2021-24161 | — | Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload | EPSS 1.2%
CVE-2022-1421 | — | Discy < 5.2 - Settings Update via CSRF | EPSS 1.2%
CVE-2020-16208 | — | The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device | EPSS 1.2%
CVE-2018-0363 | — | A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could al | EPSS 1.2%
CVE-2018-0439 | — | Cisco Meeting Server Cross-Site Request Forgery Vulnerability | EPSS 1.2%
CVE-2018-0413 | — | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacke | EPSS 1.2%