CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-20419 HIGH
DouPHP 1.5 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-8892 MEDIUM
BlackBerry Unified Endpoint Manager < 12.9.1 - Cross-Site Request Forgery in Management Console
CVSS 6.5
CVE-2018-1000858 HIGH
GnuPG 2.1.12-2.2.11 - Cross-Site Request Forgery via WKD Request
CVSS 8.8
CVE-2018-1000846 HIGH
freshdns < 1.0.3 - Authenticated Cross-Site Request Forgery in API Calls
CVSS 8.8
CVE-2018-1000843 HIGH
Luigi < 2.8.0 - Cross-Site Request Forgery via /api/<method> Endpoint
CVSS 8.8
CVE-2018-1661 MEDIUM
IBM DataPower Gateway 7.5.0.0-7.5.0.16 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-20231 HIGH
two-factor-authentication < 1.3.13 - Cross-Site Request Forgery via tfa_enable_tfa Parameter
CVSS 8.8
CVE-2018-20228 HIGH
Subsonic 6.1.5 - Server-Side Request Forgery via Internet Radio Stream URL Parameter
CVSS 8.0
CVE-2018-19829 MEDIUM
Artica Integria IMS 5.0.83 - Cross-Site Request Forgery in User List Management
CVSS 6.5
CVE-2018-18921 MEDIUM
PHP Server Monitor < 3.3.2 - Cross-Site Request Forgery via Delete Action
CVSS 6.5
CVE-2018-20188 HIGH
FUEL CMS 1.4.3 - Cross-Site Request Forgery via users/create/
CVSS 8.8
CVE-2018-18246 MEDIUM
Icinga Web 2 < 2.6.2 - Cross-Site Request Forgery via Module Configuration Endpoints
CVSS 6.5
CVE-2018-1926 MEDIUM
IBM WebSphere Application Server - CSRF
CVSS 4.3
CVE-2018-19969 HIGH
phpMyAdmin 4.7.0-4.7.5 and 4.8.0-4.8.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-20015 HIGH
YzmCMS v5.2 - Cross-Site Request Forgery via Admin Role Add Endpoint
CVSS 8.8
CVE-2018-19923 HIGH
Sales & Company Management System < 2018-06-06 - Cross-Site Request Forgery via member_email.php
CVSS 8.8
CVE-2018-19911 HIGH
FreeSWITCH < 1.8.2 - Remote Code Execution via mod_xml_rpc API
CVSS 7.5
CVE-2018-1002103 HIGH
Minikube 0.3.0-0.29.0 - Cross-Site Request Forgery via DNS Rebinding
CVSS 8.1
CVE-2018-16634 HIGH
Pluck v4.7.7 - Cross-Site Request Forgery via admin.php Settings Action
CVSS 8.8
CVE-2018-7831 HIGH
Modicon M340, Premium, Quantum, and BMXNOR0200 Firmware - Cross-Site Request Forgery via Password Change
CVSS 8.8
CVE-2018-1927 MEDIUM
IBM StoredIQ 7.6.0.0-7.6.0.16 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-19621 MEDIUM
showdoc 2.4.2 - Cross-Site Request Forgery in Team Member Save Endpoint
CVSS 6.5
CVE-2018-14892 HIGH
ZyXEL NSA325 V2 4.81 - Cross-Site Request Forgery via Crafted HTTP Forms
CVSS 8.8
CVE-2018-16854 MEDIUM
moodle <3.0.10, 3.1-3.1.14 - Cross-Site Request Forgery in Login Form
CVSS 6.5
CVE-2018-19561 HIGH
sikcms 1.1 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium