CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-15445 MEDIUM
Cisco Energy Management Suite Software - Authenticated Cross-Site Request Forgery
CVSS 6.3
CVE-2018-19104 HIGH
BageCMS 3.1.3 - Cross-Site Request Forgery via File Upload Endpoint
CVSS 8.8
CVE-2018-12415 HIGH
TIBCO Enterprise Message Service <8.4.0 - CSRF
CVSS 7.5
CVE-2018-12414 HIGH
TIBCO Rendezvous <= 8.4.5 - Cross-Site Request Forgery
CVSS 7.5
CVE-2018-12413 HIGH
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - CSRF
CVSS 7.5
CVE-2018-12412 HIGH
TIBCO FTL <= 5.4.0 - Cross-Site Request Forgery in Realm Server
CVSS 7.5
CVE-2018-12411 HIGH
TIBCO ActiveSpaces 3.0.0-3.5.0 - Cross-Site Request Forgery
CVSS 7.5
CVE-2018-18935 HIGH
PopojiCMS v2.0.1 - Cross-Site Request Forgery via po-admin/route.php Component Addition
CVSS 8.8
CVE-2018-18934 CRITICAL
PopojiCMS 2.0.1 - Unauthenticated Arbitrary File Upload via fupload Parameter
CVSS 9.8
CVE-2018-6907 HIGH
RainMachine Mini-8 and Touch HD 12 - Cross-Site Request Forgery via REST API
CVSS 8.8
CVE-2018-18842 HIGH
Z-BlogPHP 1.5.2.1935 - Cross-Site Request Forgery in AppCentre Theme Handler
CVSS 8.8
CVE-2018-18742 HIGH
SEMCMS 3.4 - Cross-Site Request Forgery via admin/SEMCMS_User.php
CVSS 8.8
CVE-2018-18735 HIGH
catfish_blog 2.0.33 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-18734 HIGH
Catfish CMS 4.8.30 - Cross-Site Request Forgery in Admin User Addition
CVSS 8.8
CVE-2018-18712 HIGH
Wuzhicms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-18711 HIGH
Wuzhicms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-9281 HIGH
Eaton 9PX UPS Firmware - Cross-Site Request Forgery in Password Change Functionality
CVSS 8.8
CVE-2018-18420 HIGH
Zenario 8.3 - Cross-Site Request Forgery via admin/organizer.ajax.php
CVSS 8.8
CVE-2018-12370 HIGH
Firefox < 61 - CSRF Bypass
CVSS 8.8
CVE-2018-12364 HIGH
NPAPI plugins - CSRF
CVSS 8.8
CVE-2018-15438 MEDIUM
Cisco Prime Collaboration Assurance - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-15402 MEDIUM
Cisco Enterprise NFV Infrastructure Software - Cross-Site Request Forgery via Improper Origin Header Validation
CVSS 5.4
CVE-2018-18436 HIGH
JTBC(PHP) 3.0 - Cross-Site Request Forgery via Account Creation
CVSS 8.8
CVE-2018-18432 HIGH
DESTOON B2B 7.0 - Cross-Site Request Forgery via admin.php Action Parameter
CVSS 8.8
CVE-2018-18422 HIGH
UsualToolCMS 8.0 - Cross-Site Request Forgery via cmsadmin/a_adminx.php
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium