CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,379 vulnerabilities with CWE-352
CVE-2018-19560
HIGH
BageCMS 3.1.3 - Cross-Site Request Forgery via admini/admin/ownerUpdate Endpoint
CVSS 8.8
CVE-2018-19555
HIGH
tp4a TELEPORT 3.1.0 - Cross-Site Request Forgery via Password Reset Endpoint
CVSS 8.8
CVE-2018-19546
HIGH
JTBC(PHP) 3.0.1.7 - Cross-Site Request Forgery via console/xml/manage.php
CVSS 8.8
CVE-2018-19545
HIGH
JEECMS 9.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-19544
MEDIUM
JEECMS 9.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-19376
MEDIUM
GreenCMS v2.3.0603 - Cross-Site Request Forgery via Log File Deletion Endpoint
CVSS 6.5
CVE-2018-18773
HIGH
Webpanel < 0.9.8.740 - CSRF
CVSS 8.8
CVE-2018-18772
HIGH
Control WebPanel < 0.9.8.740 - Cross-Site Request Forgery via SSH Command Execution
CVSS 8.8
CVE-2018-19335
MEDIUM
Google Monorail < 2018-06-07 - Cross-Site Request Forgery via CSV Download
CVSS 5.3
CVE-2018-19334
MEDIUM
Google Monorail < 2018-05-04 - Cross-Site Request Forgery via CSV Download
CVSS 5.3
CVE-2018-10099
MEDIUM
Google Monorail < 2018-04-04 - Cross-Site Request Forgery via CSV Download
CVSS 5.3
CVE-2018-19332
HIGH
S-CMS <1.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-19327
HIGH
JTBC(PHP) 3.0.1.7 - Cross-Site Request Forgery in aboutus/manage.php
CVSS 8.8
CVE-2018-19319
MEDIUM
SRCMS 3.0.0 - Cross-Site Request Forgery via Admin Gifts Update Endpoint
CVSS 6.5
CVE-2018-19318
HIGH
SRCMS 3.0.0 - Cross-Site Request Forgery via Admin Update Endpoint
CVSS 8.8
CVE-2018-18799
HIGH
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via event/controller.php
CVSS 8.8
CVE-2018-18797
HIGH
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via User Edit Endpoint
CVSS 8.8
CVE-2018-18794
HIGH
School Event Management System 1.0 - Cross-Site Request Forgery via User Edit Endpoint
CVSS 8.8
CVE-2018-18760
MEDIUM
RhinOS 3.0 build 1190 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-19291
MEDIUM
DiliCMS 2.4.0 - Cross-Site Request Forgery via User or Role Deletion
CVSS 6.5
CVE-2018-12416
HIGH
TIBCO DataSynapse GridServer Manager <6.3.0 - CSRF
CVSS 7.1
CVE-2018-19225
HIGH
laobancms 2.0 - Cross-Site Request Forgery in admin/mima.php
CVSS 8.8
CVE-2018-19192
HIGH
xiaocms 20141229 - Cross-Site Request Forgery via data[content] Parameter
CVSS 8.8
CVE-2018-19135
HIGH
Clippercms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-19138
HIGH
WSTMart 2.0.7 - Cross-Site Request Forgery via Admin Staff Add URI
CVSS 8.8
Details
Vulnerabilities
9,379
Exploit Likelihood
Medium