CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2019-17431 HIGH
fastadmin 1.0.0.20190705_beta - Cross-Site Request Forgery in Admin Add Endpoint
CVSS 8.8
CVE-2019-13529 HIGH
SMA Sunny WebBox Firmware < 1.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-17369 MEDIUM
OTCMS v3.85 - Cross-Site Request Forgery in Admin Panel Member Deal Page
CVSS 6.5
CVE-2019-17217 HIGH
V-Zug Combi-Steam MSLQ Firmware < ethernet_r07 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-1915 MEDIUM
Cisco Unified Communications Manager, Unified CM IM&P, and Unity Connection - Cross-Site Request Forgery
CVSS 6.5
CVE-2019-15040 HIGH
JetBrains YouTrack < 2019.1 - Cross-Site Request Forgery on Settings Page
CVSS 8.8
CVE-2019-16993 HIGH
phpBB < 3.1.7-PL1 - Cross-Site Request Forgery in BBCode Administration Control Panel
CVSS 8.8
CVE-2019-13376 MEDIUM
phpBB 3.2.7 - Cross-Site Request Forgery in Remote Avatar Feature
CVSS 6.5
CVE-2019-16667 HIGH
pfSense 2.4.4-p3 - Cross-Site Request Forgery via diag_command.php
CVSS 8.8
CVE-2019-10408 MEDIUM
Jenkins Project Inheritance Plugin < 19.08.01 - Cross-Site Request Forgery
CVSS 4.3
CVE-2019-4515 MEDIUM
IBM Security Key Lifecycle Manager <3.0.1 - CSRF
CVSS 6.5
CVE-2019-16721 MEDIUM
NoneCMS v1.3 - Cross-Site Request Forgery in Admin User Deletion
CVSS 6.5
CVE-2019-16719 MEDIUM
WTCMS 1.0 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Admin Index Endpoint
CVSS 6.5
CVE-2019-16706 HIGH
kkcms v1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-16678 MEDIUM
YzmCMS 5.3 - Cross-Site Request Forgery via URL Rule Addition
CVSS 6.5
CVE-2019-16677 MEDIUM
idreamsoft iCMS V7.0 - Cross-Site Request Forgery in admincp.php
CVSS 6.5
CVE-2019-16660 HIGH
joyplus-cms 1.6.0 - Cross-Site Request Forgery via admin_ajax.php
CVSS 8.8
CVE-2019-16659 HIGH
TuziCMS 2.0.6 - Cross-Site Request Forgery in Link Management
CVSS 8.8
CVE-2019-16658 HIGH
TuziCMS 2.0.6 - Cross-Site Request Forgery in Notice Management
CVSS 8.8
CVE-2019-15089 HIGH
PRiSE adAS 1.7.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-16531 HIGH
LayerBB < 1.1.4 - Cross-Site Request Forgery via Admin General Settings
CVSS 8.8
CVE-2019-16311 HIGH
niushop V1.11 - Cross-Site Request Forgery via search_info Parameter
CVSS 8.8
CVE-2019-13920 MEDIUM
SINEMA Remote Connect Server < V2.0 SP1 - CSRF
CVSS 4.3
CVE-2019-13364 CRITICAL
Piwigo 2.9.5 - Cross-Site Scripting and Cross-Site Request Forgery via Billing Parameters
CVSS 9.6
CVE-2019-13363 CRITICAL
Piwigo 2.9.5 - Cross-Site Scripting and Cross-Site Request Forgery via Notification by Mail Parameters
CVSS 9.6
Details
Vulnerabilities 9,376
Exploit Likelihood Medium