CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,851 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 112 of 178
- CVE-2024-27197HIGHCVSS 7.1EG 7.12024-03-16
Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.This issue affects BeePress: from n/a through 6.9.8.
- CVE-2024-27265MEDIUMCVSS 4.5EG 4.52024-03-14
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 2…
- CVE-2024-2739HIGHCVSS 8.7EG 8.72024-04-15
The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
- CVE-2024-2741HIGHCVSS 7.1EG 7.12024-04-11
Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session,…
- CVE-2024-27439MEDIUMCVSS 6.5EG 6.52024-03-19
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wick…
- CVE-2024-27448CRITICALCVSS 9.1EG 9.82024-04-05
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.
- CVE-2024-27474HIGHCVSS 8.8EG 8.82024-04-10
Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.
- CVE-2024-2748MEDIUMCVSS 4.3EG 4.32024-03-21
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. Thi…
- CVE-2024-27559MEDIUMCVSS 6.3EG 6.32024-03-01
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php
- CVE-2024-27623MEDIUMCVSS 5.9EG 5.92024-03-05
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
- CVE-2024-27631MEDIUMCVSS 6.0EG 6.02024-04-08
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
- CVE-2024-27689HIGHCVSS 8.8EG 8.82024-03-01
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.
- CVE-2024-27694HIGHCVSS 7.4EG 7.42024-03-04
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
- CVE-2024-27717MEDIUMCVSS 6.5EG 6.52024-07-05
Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component.
- CVE-2024-27783HIGHCVSS 7.6EG 7.62024-07-09
Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim…
- CVE-2024-27948MEDIUMCVSS 5.4EG 5.42024-02-28
Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.
- CVE-2024-27955HIGHCVSS 8.8EG 8.32024-05-17
Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0.
- CVE-2024-27967MEDIUMCVSS 4.3EG 4.32024-04-11
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.
- CVE-2024-27968HIGHCVSS 7.1EG 7.12024-03-21
Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5.
- CVE-2024-27974MEDIUMCVSS 6.3EG 6.32024-03-18
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, t…
- CVE-2024-28141MEDIUMCVSS 6.3EG 6.32024-12-11
The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link.…
- CVE-2024-28158MEDIUMCVSS 4.3EG 4.32024-03-06
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.
- CVE-2024-2816MEDIUMCVSS 4.3EG 4.32024-03-22
A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The at…
- CVE-2024-2817MEDIUMCVSS 4.3EG 4.32024-03-22
A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site reques…
- CVE-2024-28195HIGHCVSS 8.1EG 8.12024-03-13
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims…
- CVE-2024-2820MEDIUMCVSS 4.3EG 4.32024-03-22
A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forge…
- CVE-2024-2821MEDIUMCVSS 4.3EG 4.32024-03-22
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site re…
- CVE-2024-2822MEDIUMCVSS 4.3EG 4.32024-03-22
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to i…
- CVE-2024-2823MEDIUMCVSS 4.3EG 4.32024-03-22
A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remo…
- CVE-2024-28233HIGHCVSS 8.1EG 8.12024-03-27
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of Jupyte…
- CVE-2024-28429MEDIUMCVSS 5.5EG 5.52024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php
- CVE-2024-2843MEDIUMCVSS 6.5EG 6.52024-08-01
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks
- CVE-2024-28430MEDIUMCVSS 6.1EG 6.12024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
- CVE-2024-28431HIGHCVSS 8.8EG 8.82024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.
- CVE-2024-28432HIGHCVSS 8.8EG 8.82024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.
- CVE-2024-2857MEDIUMCVSS 6.1EG 6.12024-04-15
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the l…
- CVE-2024-2858MEDIUMCVSS 4.8EG 4.82024-04-15
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
- CVE-2024-28665HIGHCVSS 8.8EG 8.82024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php
- CVE-2024-28666MEDIUMCVSS 5.5EG 5.52024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php
- CVE-2024-28667MEDIUMCVSS 6.1EG 6.12024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php
- CVE-2024-28669MEDIUMCVSS 5.4EG 5.42024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.
- CVE-2024-28670MEDIUMCVSS 6.1EG 6.12024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.
- CVE-2024-28672MEDIUMCVSS 5.4EG 5.42024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.
- CVE-2024-28673HIGHCVSS 8.8EG 8.82024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.
- CVE-2024-28675HIGHCVSS 8.8EG 8.82024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php
- CVE-2024-28677MEDIUMCVSS 6.1EG 6.12024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
- CVE-2024-28678MEDIUMCVSS 6.3EG 6.32024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php
- CVE-2024-28681MEDIUMCVSS 6.1EG 6.12024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
- CVE-2024-28682MEDIUMCVSS 6.3EG 6.32024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
- CVE-2024-28684HIGHCVSS 8.8EG 8.82024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →