CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,378 vulnerabilities with CWE-352
CVE-2018-25336
MEDIUM
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
CVSS 5.3
CVE-2018-25334
MEDIUM
Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
CVSS 5.4
CVE-2018-25327
MEDIUM
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
CVSS 5.3
CVE-2018-25321
MEDIUM
TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces
CVSS 4.3
CVE-2018-25310
MEDIUM
VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution
CVSS 4.3
CVE-2018-25298
MEDIUM
Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
CVSS 5.3
CVE-2018-25200
MEDIUM
OOP CMS BLOG 1.0 - Unauthenticated Cross-Site Request Forgery via addUser.php
CVSS 5.3
CVE-2018-25190
MEDIUM
Easyndexer 1.0 - Unauthenticated Cross-Site Request Forgery via createuser.php
CVSS 5.3
CVE-2018-25186
MEDIUM
Tina4 Stack 1.0.3 - Cross-Site Request Forgery via Profile Endpoint
CVSS 5.3
CVE-2018-25177
MEDIUM
Data Center Audit 2.6.2 - Unauthenticated Cross-Site Request Forgery via dca_resetpw.php
CVSS 5.3
CVE-2018-25176
HIGH
Alive Parish 2.0.4 - Unauthenticated SQL Injection and Arbitrary File Upload
CVSS 8.2
CVE-2018-25174
MEDIUM
ABC ERP 0.6.4 - Cross-Site Request Forgery via _configurar_perfil.php
CVSS 5.3
CVE-2018-25170
HIGH
DoceboLMS 1.2 - Unauthenticated SQL Injection via lesson.php Parameters
CVSS 8.2
CVE-2018-25156
MEDIUM
Teradek Cube 7.3.6 - Cross-Site Request Forgery via Password Change Request
CVSS 4.3
CVE-2018-25155
MEDIUM
Teradek Slice 7.3.15 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-25152
MEDIUM
Ecessa Edge EV150 10.7.4 - Unauthenticated Cross-Site Request Forgery via /cgi-bin/pl_web.cgi/util_configlogin_act
CVSS 5.3
CVE-2018-25151
MEDIUM
Ecessa WANWorx WVR-30 <10.7.4 - CSRF
CVSS 4.3
CVE-2018-25150
MEDIUM
Ecessa ShieldLink SL175EHQ 10.7.4 - CSRF
CVSS 5.3
CVE-2018-25149
MEDIUM
Microhard Systems IPn4G 1.1.0 - CSRF
CVSS 6.5
CVE-2018-25133
MEDIUM
Synaccess netBooter NP-0801DU 7.4 - CSRF
CVSS 4.3
CVE-2018-25127
MEDIUM
SOCA Access Control System 180612 - Cross-Site Request Forgery
CVSS 5.3
CVE-2018-25096
MEDIUM
MdAlAmin-aol Own Health Record <0.4-alpha - CSRF
CVSS 4.3
CVE-2018-17451
HIGH
GitLab <11.1.7, <11.2.4, <11.3.1 - CSRF
CVSS 8.8
CVE-2018-14519
MEDIUM
Kirby 2.5.12 - Cross-Site Request Forgery in Delete Page Functionality
CVSS 4.3
CVE-2018-16795
HIGH
OpenEMR 5.0.1.3 - Cross-Site Request Forgery via library/ajax and interface/super
CVSS 8.8
Details
Vulnerabilities
9,378
Exploit Likelihood
Medium