CWE-352: Cross-Site Request Forgery (CSRF)

Compound · Stable · Exploit Likelihood: Medium · 🏆 #5 in Top 25 (2024)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

Related CVEs: 345
Severity Score: 23.08

Technical Details

Structure
Composite

Applicable To

Languages
Not Language-Specific
Platforms

🏆 CWE Top 25 Historical Ranking

2023: #9 (Score: 11.73, 324 CVEs)
2024: #5 (↑4, Score: 23.08, 345 CVEs)
Trend: Worsening (moved up 4 ranks, from #9 to #5)
