CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-6504 HIGH
ArcSight Management Center < 2.81 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-13398 MEDIUM
Atlassian Crucible and Fisheye < 4.5.4 - Cross-Site Request Forgery in Administrative Smart-Commits Resource
CVSS 6.5
CVE-2018-16952 HIGH
Oracle WebCenter Interaction Portal 10.3.3 - CSRF
CVSS 8.8
CVE-2018-17104 HIGH
Microweber 1.0.7 - Cross-Site Request Forgery via Admin User Creation
CVSS 8.8
CVE-2018-17103 HIGH
GetSimple CMS v3.3.13 - Cross-Site Request Forgery via admin/settings.php
CVSS 8.8
CVE-2018-17102 HIGH
QuickAppsCMS through 2.0.0-beta2 - Cross-Site Request Forgery via User Password Change
CVSS 8.8
CVE-2018-17070 MEDIUM
UNL-CMS 7.59 - CSRF
CVSS 6.5
CVE-2018-17069 MEDIUM
UNL-CMS 7.59 - CSRF
CVSS 6.5
CVE-2018-17045 HIGH
CMS MaeloStore 1.5.0 - Cross-Site Request Forgery via Admin Password Update
CVSS 8.8
CVE-2018-17023 HIGH
ASUS GT-AC5300 <3.0.0.4.384_32738 - CSRF
CVSS 8.8
CVE-2018-16951 HIGH
xunfeng 0.2.0 - Cross-Site Request Forgery via Backquote Character Mishandling
CVSS 8.0
CVE-2018-16832 MEDIUM
xunfeng 0.2.0 - Cross-Site Request Forgery via X-Forwarded-Host Header Overwrite
CVSS 6.5
CVE-2018-16732 HIGH
CScms 4.1 - Cross-Site Request Forgery via FTP Settings Save
CVSS 8.8
CVE-2018-0647 HIGH
ASUS WL-330NUL Firmware < 3.0.0.46 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-16650 HIGH
phpmyfaq < 2.9.11 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-1000669 HIGH
Koha Library System <17.05.05 - CSRF
CVSS 8.8
CVE-2018-16552 HIGH
MicroPyramid Django-CRM 0.2 - Cross-Site Request Forgery in User and Account Management
CVSS 8.8
CVE-2018-15682 HIGH
BTITeam XBTIT < 2.5.4 - Cross-Site Request Forgery via Private Message Form
CVSS 8.8
CVE-2018-15677 MEDIUM
BTITeam XBTIT 2.5.4 - Stored Cross-Site Scripting and Cross-Site Request Forgery via Newsfeed Title
CVSS 6.1
CVE-2018-14769 HIGH
VIVOTEK FD8177 <XXXXXX-VVTK-xx06a - CSRF
CVSS 8.8
CVE-2018-16458 MEDIUM
baigo CMS v2.1.1 - Cross-Site Request Forgery via Article Publication Endpoint
CVSS 6.5
CVE-2018-16449 MEDIUM
OneThink 1.1.141212 - Cross-Site Request Forgery via Admin Endpoints
CVSS 6.5
CVE-2018-16448 HIGH
cscms 4 - Cross-Site Request Forgery via Admin User Management Endpoints
CVSS 8.8
CVE-2018-16447 HIGH
Frogcms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-16431 HIGH
YFCMF v3.0 - Cross-Site Request Forgery in Admin Account Creation
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium