CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,378 vulnerabilities with CWE-352
CVE-2018-19948 LOW
QNAP Helpdesk < 3.0.3 - Cross-Site Request Forgery
CVSS 2.0
CVE-2018-21096 HIGH
NETGEAR WAC120/WAC505/WAC510/WNAP320/WNAP210/WNDAP350/WNDAP360/WNDAP660/WNDAP620/WND930/WN604 - CSRF
CVSS 7.4
CVE-2018-21160 HIGH
NETGEAR ReadyNAS OS 6.0-6.9.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-21102 HIGH
NETGEAR ReadyNAS OS Firmware < 6.9.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-21120 HIGH
NETGEAR Wireless Access Points - Cross-Site Request Forgery
CVSS 8.0
CVE-2018-21037 HIGH
Subrion < 4.1.5 and 4.2.x < 4.2.1 - Cross-Site Request Forgery via Administrator Password Change
CVSS 8.8
CVE-2018-1934 HIGH
IBM Cognos Business Intelligence 10.2.2 - CSRF
CVSS 8.8
CVE-2018-20582 HIGH
gree+ 1.4.0.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-17789 MEDIUM
Prospecta Master Data Online - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-21006 HIGH
bbpress_move_topics < 1.1.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-21002 HIGH
js_help_desk < 2.0.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-20974 HIGH
js_job_manager < 1.0.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-20972 HIGH
companion_auto_update < 3.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-20971 HIGH
church_admin < 1.2550 - Cross-Site Request Forgery via Bible Reading Plan Upload
CVSS 8.8
CVE-2018-14668 HIGH
ClickHouse < 1.1.54388 - Cross-Site Request Forgery via Remote Table Function
CVSS 8.8
CVE-2018-20968 HIGH
wp-ultimate-exporter < 1.4.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-20967 HIGH
wp-ultimate-csv-importer < 5.6.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-20964 HIGH
Contact Form Email < 1.2.66 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-10899 HIGH
Jolokia 1.2-1.6.0 - Cross-Site Request Forgery
CVSS 8.1
CVE-2018-20872 MEDIUM
DrayTek Firmware < 2018-05-23 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-17792 HIGH
MDaemon Webmail - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-12628 HIGH
Eventum < 3.5.0 - Cross-Site Request Forgery in User Management
CVSS 8.8
CVE-2018-10986 HIGH
OX Guard 2.8.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-11427 HIGH
Moxa OnCell G3100-HSPA Series < 1.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-20848 HIGH
Advisto PEEL SHOPPING 9.0.0 - Cross-Site Request Forgery via couleurId Parameter
CVSS 8.8
Details
Vulnerabilities 9,378
Exploit Likelihood Medium