CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-15539 HIGH
Agentejo Cockpit - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-18317 HIGH
DESHANG DSCMS 1.1 - Cross-Site Request Forgery via Admin Add URI
CVSS 8.8
CVE-2018-18316 HIGH
emlog v6.0.0 - Cross-Site Request Forgery via admin/user.php?action=new URI
CVSS 8.8
CVE-2018-18215 HIGH
youke365 v1.1.5 - Cross-Site Request Forgery in Admin User Management
CVSS 8.8
CVE-2018-12456 HIGH
Intelbras NPLUG 1.0.0.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-13800 HIGH
SIMATIC S7-1200 CPU V4 < 4.2.3 - Authenticated Cross-Site Request Forgery
CVSS 7.3
CVE-2018-18201 HIGH
qibosoft V7.0 - Cross-Site Request Forgery via admin/index.php?lfj=member&action=addmember
CVSS 8.8
CVE-2018-17858 HIGH
Joomla! < 3.8.13 - Cross-Site Request Forgery in com_installer
CVSS 8.8
CVE-2018-18191 HIGH
FineCMS 5.4 - Cross-Site Request Forgery in Admin Password Change
CVSS 8.8
CVE-2018-2474 MEDIUM
SAP Fiori 1.0 for SAP ERP HCM - Cross-Site Request Forgery in Approve Leave Request App
CVSS 6.5
CVE-2018-15401 MEDIUM
Cisco Hosted Collaboration Mediation Fulfillment - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-0451 HIGH
Cisco Tetration Analytics - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0446 HIGH
Cisco Industrial Network Director - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0445 HIGH
Cisco Packaged Contact Center Enterprise - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0444 MEDIUM
Cisco Packaged Contact Center Enterprise - Stored Cross-Site Scripting via Web Management Interface
CVSS 6.1
CVE-2018-0439 HIGH
Cisco Meeting Server - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-17986 HIGH
razorcms 3.4.8 - Cross-Site Request Forgery for Admin Password Change
CVSS 8.8
CVE-2018-5921 HIGH
HP Printer and MFP Firmware < 2405129_000052 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-17869 HIGH
DASAN H660GW - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-15702 HIGH
TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 - Cross-Site Request Forgery via Referer Field
CVSS 8.8
CVE-2018-17826 HIGH
HisiPHP 1.0.8 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-17081 MEDIUM
e107 2.1.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-8844 HIGH
Philips e-Alert Unit <R2.1 - Info Disclosure
CVSS 8.8
CVE-2018-17366 HIGH
MCMS 4.6.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-15612 HIGH
Avaya Aura Orchestration Designer < 7.2.1 - Cross-Site Request Forgery in Runtime Config
CVSS 8.3
Details
Vulnerabilities 9,379
Exploit Likelihood Medium