CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-20648 HIGH
Car Rental Script 2.0.8 - Cross-Site Request Forgery via accountedit.php
CVSS 8.8
CVE-2018-20644 HIGH
Basic B2B Script 2.0.9 - Cross-Site Request Forgery via Edit Profile Feature
CVSS 8.8
CVE-2018-20641 HIGH
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Request Forgery via Edit Profile Feature
CVSS 8.8
CVE-2018-20633 HIGH
Advance B2B Script 2.1.4 - Cross-Site Request Forgery via Edit Profile Feature
CVSS 8.8
CVE-2018-19525 MEDIUM
Systrome ISG-600C,ISG-600H,ISG-800W 1.1-R2.1 - CSRF/XSS
CVSS 6.1
CVE-2018-19511 MEDIUM
Webgalamb 7.0 - Cross-Site Request Forgery via wg7.php
CVSS 6.5
CVE-2018-17996 MEDIUM
LayerBB < 1.1.3 - Cross-Site Request Forgery via Admin and Moderator Endpoints
CVSS 6.5
CVE-2018-14575 HIGH
Trash Bin plugin 1.1.3 for MyBB - XSS/CSRF
CVSS 8.8
CVE-2018-18449 HIGH
EmpireCMS 7.5 - Cross-Site Request Forgery via AddUser Action
CVSS 8.8
CVE-2018-17429 HIGH
jtbc v3.0(C) - Cross-Site Request Forgery in Account Management
CVSS 8.8
CVE-2018-20780 HIGH
traq 3.7.1 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2018-20728 HIGH
nedi < 1.7c - Cross-Site Request Forgery via User-Management.php
CVSS 8.8
CVE-2018-1000417 HIGH
Jenkins Email Extension Template Plugin <1.0 - CSRF
CVSS 8.1
CVE-2018-1000414 HIGH
Jenkins Config File Provider Plugin <3.1 - CSRF
CVSS 8.1
CVE-2018-1000411 MEDIUM
Jenkins JUnit Plugin < 1.25 - Cross-Site Request Forgery in TestObject.java
CVSS 6.5
CVE-2018-20613 HIGH
temmoku T1.09 Beta - Cross-Site Request Forgery via Admin User Add
CVSS 8.8
CVE-2018-20612 HIGH
asthis universal_website_asthis 2.3.11 - Cross-Site Request Forgery via Admin Addition Endpoint
CVSS 8.8
CVE-2018-20603 HIGH
Lei Feng TV CMS 3.8.6 - Cross-Site Request Forgery via Member Add Endpoint
CVSS 8.8
CVE-2018-20598 HIGH
UCMS 1.4.7 - Cross-Site Request Forgery via user_addpost Endpoint
CVSS 8.8
CVE-2018-20595 HIGH
hsweb 3.0.4 - Cross-Site Request Forgery via OAuth2 State Parameter Mismatch
CVSS 8.8
CVE-2018-20577 CRITICAL
Orange Livebox ARV7519RW22 00.96.320S - Cross-Site Request Forgery via Multiple CGI Endpoints
CVSS 9.1
CVE-2018-20576 MEDIUM
Orange ARV7519RW22 Livebox 2.1 Firmware - Cross-Site Request Forgery via autodialing.exe and phone_test.exe
CVSS 5.4
CVE-2018-18696 HIGH
MicroStrategy < 10.4.0026.0049 - Cross-Site Request Forgery in main.aspx
CVSS 8.8
CVE-2018-15334 MEDIUM
F5 BIG-IP Access Policy Manager 11.5.1-11.6.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-19182 HIGH
engelsystem < 3.0.0 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium