CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,378 vulnerabilities with CWE-352
CVE-2018-25336 MEDIUM
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
CVSS 5.3
CVE-2018-25334 MEDIUM
Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
CVSS 5.4
CVE-2018-25327 MEDIUM
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
CVSS 5.3
CVE-2018-25321 MEDIUM
TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces
CVSS 4.3
CVE-2018-25310 MEDIUM
VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution
CVSS 4.3
CVE-2018-25298 MEDIUM
Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
CVSS 5.3
CVE-2018-25200 MEDIUM
OOP CMS BLOG 1.0 - Unauthenticated Cross-Site Request Forgery via addUser.php
CVSS 5.3
CVE-2018-25190 MEDIUM
Easyndexer 1.0 - Unauthenticated Cross-Site Request Forgery via createuser.php
CVSS 5.3
CVE-2018-25186 MEDIUM
Tina4 Stack 1.0.3 - Cross-Site Request Forgery via Profile Endpoint
CVSS 5.3
CVE-2018-25177 MEDIUM
Data Center Audit 2.6.2 - Unauthenticated Cross-Site Request Forgery via dca_resetpw.php
CVSS 5.3
CVE-2018-25176 HIGH
Alive Parish 2.0.4 - Unauthenticated SQL Injection and Arbitrary File Upload
CVSS 8.2
CVE-2018-25174 MEDIUM
ABC ERP 0.6.4 - Cross-Site Request Forgery via _configurar_perfil.php
CVSS 5.3
CVE-2018-25170 HIGH
DoceboLMS 1.2 - Unauthenticated SQL Injection via lesson.php Parameters
CVSS 8.2
CVE-2018-25156 MEDIUM
Teradek Cube 7.3.6 - Cross-Site Request Forgery via Password Change Request
CVSS 4.3
CVE-2018-25155 MEDIUM
Teradek Slice 7.3.15 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-25152 MEDIUM
Ecessa Edge EV150 10.7.4 - Unauthenticated Cross-Site Request Forgery via /cgi-bin/pl_web.cgi/util_configlogin_act
CVSS 5.3
CVE-2018-25151 MEDIUM
Ecessa WANWorx WVR-30 <10.7.4 - CSRF
CVSS 4.3
CVE-2018-25150 MEDIUM
Ecessa ShieldLink SL175EHQ 10.7.4 - CSRF
CVSS 5.3
CVE-2018-25149 MEDIUM
Microhard Systems IPn4G 1.1.0 - CSRF
CVSS 6.5
CVE-2018-25133 MEDIUM
Synaccess netBooter NP-0801DU 7.4 - CSRF
CVSS 4.3
CVE-2018-25127 MEDIUM
SOCA Access Control System 180612 - Cross-Site Request Forgery
CVSS 5.3
CVE-2018-25096 MEDIUM
MdAlAmin-aol Own Health Record <0.4-alpha - CSRF
CVSS 4.3
CVE-2018-17451 HIGH
GitLab <11.1.7, <11.2.4, <11.3.1 - CSRF
CVSS 8.8
CVE-2018-14519 MEDIUM
Kirby 2.5.12 - Cross-Site Request Forgery in Delete Page Functionality
CVSS 4.3
CVE-2018-16795 HIGH
OpenEMR 5.0.1.3 - Cross-Site Request Forgery via library/ajax and interface/super
CVSS 8.8
Details
Vulnerabilities 9,378
Exploit Likelihood Medium