CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-20848 HIGH
Advisto PEEL SHOPPING 9.0.0 - Cross-Site Request Forgery via couleurId Parameter
CVSS 8.8
CVE-2018-1858 HIGH
IBM API Connect 5.0.0.0-5.0.8.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-17387 HIGH
Nimble Messaging Bulk SMS Marketing App 1.0 - CSRF
CVSS 8.8
CVE-2018-17389 HIGH
Live Call Support Application 1.5 - Cross-Site Request Forgery in server.php
CVSS 8.8
CVE-2018-18802 HIGH
Welcome to our Resort 1.0 - Cross-Site Request Forgery via User Edit Action
CVSS 8.8
CVE-2018-10696 HIGH
Moxa AWK-3121 1.14 - Cross-Site Request Forgery via Web Interface Forms
CVSS 8.8
CVE-2018-16218 HIGH
Yealink Ultra-elegant IP Phone SIP-T41P Firmware 66.83.0.35 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-19613 MEDIUM
Westermo DR-250, DR-260 <5162 - CSRF
CVSS 6.5
CVE-2018-7828 HIGH
Schneider Electric 1st Gen Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-16136 HIGH
Ipbrick OS - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-14711 MEDIUM
ASUS RT-AC3200 <3.0.0.4.382.50010 - CSRF
CVSS 6.5
CVE-2018-1790 MEDIUM
IBM Financial Transaction Manager for Digital Payments 3.0.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-2001 MEDIUM
IBM Cram Social Program Management 6.1.1 6.2.0 7.0.4 7.0.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-13993 HIGH
PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx 1.0-1.34 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-4066 HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Cross-Site Request Forgery in ACEManager
CVSS 8.8
CVE-2018-15206 HIGH
BPC SmartVista 2 - Cross-Site Request Forgery via Role Creation Page
CVSS 8.8
CVE-2018-14930 HIGH
Polaris FT Intellect Core Banking <9.7.1 - CSRF
CVSS 8.8
CVE-2018-5123 HIGH
Bugzilla < 4.4 - Cross-Site Request Forgery via Image Generation in report.cgi
CVSS 8.8
CVE-2018-17168 MEDIUM
PrinterOn Enterprise 4.1.4 - Cross-Site Request Forgery in Administration Page
CVSS 6.5
CVE-2018-13810 MEDIUM
Siemens CP 1604 and CP 1616 Firmware < 2.8 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-16966 HIGH
mndpsingh287 File Manager <3.0 - CSRF
CVSS 8.8
CVE-2018-17584 HIGH
WP Fastest Cache 0.8.8.5 - Cross-Site Request Forgery via Admin Options Page
CVSS 8.8
CVE-2018-2000 MEDIUM
IBM Business Automation Workflow 18.0.0.0-18.0.0.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-20816 MEDIUM
SuiteCRM 7.0.0-7.8.23 & 7.10.0-7.10.10 - XSS & CSRF via Add Dashboard Pages
CVSS 6.1
CVE-2018-1622 MEDIUM
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 - Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities 9,379
Exploit Likelihood Medium