CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-19560 HIGH
BageCMS 3.1.3 - Cross-Site Request Forgery via admini/admin/ownerUpdate Endpoint
CVSS 8.8
CVE-2018-19555 HIGH
tp4a TELEPORT 3.1.0 - Cross-Site Request Forgery via Password Reset Endpoint
CVSS 8.8
CVE-2018-19546 HIGH
JTBC(PHP) 3.0.1.7 - Cross-Site Request Forgery via console/xml/manage.php
CVSS 8.8
CVE-2018-19545 HIGH
JEECMS 9.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-19544 MEDIUM
JEECMS 9.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-19376 MEDIUM
GreenCMS v2.3.0603 - Cross-Site Request Forgery via Log File Deletion Endpoint
CVSS 6.5
CVE-2018-18773 HIGH
Webpanel < 0.9.8.740 - CSRF
CVSS 8.8
CVE-2018-18772 HIGH
Control WebPanel < 0.9.8.740 - Cross-Site Request Forgery via SSH Command Execution
CVSS 8.8
CVE-2018-19335 MEDIUM
Google Monorail < 2018-06-07 - Cross-Site Request Forgery via CSV Download
CVSS 5.3
CVE-2018-19334 MEDIUM
Google Monorail < 2018-05-04 - Cross-Site Request Forgery via CSV Download
CVSS 5.3
CVE-2018-10099 MEDIUM
Google Monorail < 2018-04-04 - Cross-Site Request Forgery via CSV Download
CVSS 5.3
CVE-2018-19332 HIGH
S-CMS <1.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-19327 HIGH
JTBC(PHP) 3.0.1.7 - Cross-Site Request Forgery in aboutus/manage.php
CVSS 8.8
CVE-2018-19319 MEDIUM
SRCMS 3.0.0 - Cross-Site Request Forgery via Admin Gifts Update Endpoint
CVSS 6.5
CVE-2018-19318 HIGH
SRCMS 3.0.0 - Cross-Site Request Forgery via Admin Update Endpoint
CVSS 8.8
CVE-2018-18799 HIGH
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via event/controller.php
CVSS 8.8
CVE-2018-18797 HIGH
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via User Edit Endpoint
CVSS 8.8
CVE-2018-18794 HIGH
School Event Management System 1.0 - Cross-Site Request Forgery via User Edit Endpoint
CVSS 8.8
CVE-2018-18760 MEDIUM
RhinOS 3.0 build 1190 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-19291 MEDIUM
DiliCMS 2.4.0 - Cross-Site Request Forgery via User or Role Deletion
CVSS 6.5
CVE-2018-12416 HIGH
TIBCO DataSynapse GridServer Manager <6.3.0 - CSRF
CVSS 7.1
CVE-2018-19225 HIGH
laobancms 2.0 - Cross-Site Request Forgery in admin/mima.php
CVSS 8.8
CVE-2018-19192 HIGH
xiaocms 20141229 - Cross-Site Request Forgery via data[content] Parameter
CVSS 8.8
CVE-2018-19135 HIGH
Clippercms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-19138 HIGH
WSTMart 2.0.7 - Cross-Site Request Forgery via Admin Staff Add URI
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium