Weaknesses of type CWE-352

5,662 results
CVE-2020-13569 (HIGH, EPSS 3.0%): A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f6
CVE-2021-26296 (EPSS 3.0%): Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces
CVE-2005-1674 (MEDIUM, EPSS 2.9%): Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a li
CVE-2017-5264 (EPSS 2.7%): Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrativ
CVE-2022-4944 (MEDIUM, EPSS 2.7%): kalcaddle KodExplorer cross-site request forgery
CVE-2021-34620 (HIGH, EPSS 2.6%): CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation
CVE-2024-13913 (HIGH, EPSS 2.4%): InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion
CVE-2020-5397 (MEDIUM, EPSS 2.4%): CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
CVE-2018-16854 (MEDIUM, EPSS 2.3%): A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by
CVE-2022-21703 (MEDIUM, EPSS 2.3%): Cross Site Request Forgery in Grafana
CVE-2019-13529 (EPSS 2.2%): An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissio
CVE-2018-4066 (EPSS 2.2%): An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A
CVE-2020-10890 (HIGH, EPSS 2.2%): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interac
CVE-2020-10892 (HIGH, EPSS 2.2%): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interac
CVE-2022-0088 (LOW, EPSS 2.0%): Cross-Site Request Forgery (CSRF) in yourls/yourls
CVE-2018-12540 (EPSS 2.0%): In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form p
CVE-2022-41413 (MEDIUM, EPSS 2.0%): perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted i
CVE-2021-24272 (EPSS 1.8%): Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
CVE-2020-4040 (HIGH, EPSS 1.8%): CSRF issue on preview pages in Bolt CMS
CVE-2020-8166 (MEDIUM, EPSS 1.7%): A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token suc