CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,379 vulnerabilities with CWE-352
CVE-2018-16416
HIGH
FUEL CMS 1.4 - Cross-Site Request Forgery in my_profile/edit Endpoint
CVSS 8.8
CVE-2018-16387
HIGH
Elefantcms < 2.0.5 - CSRF
CVSS 8.8
CVE-2018-16380
HIGH
Ogma CMS 0.4 Beta - Cross-Site Request Forgery in User Creation
CVSS 8.8
CVE-2018-16366
HIGH
idreamsoft iCMS V7.0.10 - Cross-Site Request Forgery in admincp.php
CVSS 8.8
CVE-2018-16365
HIGH
idreamsoft iCMS V7.0.10 - Cross-Site Request Forgery in admincp.php
CVSS 8.8
CVE-2018-16345
HIGH
EasyCMS 1.5 - Cross-Site Request Forgery via Admin Password Update
CVSS 8.8
CVE-2018-16339
HIGH
EmpireCMS 7.0 - Cross-Site Request Forgery via AddUser.php
CVSS 8.8
CVE-2018-16338
HIGH
AuraCMS 2.3 - Cross-Site Request Forgery via Admin Password Change
CVSS 8.8
CVE-2018-16337
MEDIUM
Cscms V4.1.8 - Cross-Site Request Forgery via Admin Setting Save
CVSS 6.5
CVE-2018-16332
HIGH
iCMS 7.0.9 - Cross-Site Request Forgery in admincp.php Article Update
CVSS 8.8
CVE-2018-16331
HIGH
DamiCMS 6.0.0 - Cross-Site Request Forgery via Admin Password Change
CVSS 8.8
CVE-2018-16315
MEDIUM
waimai Super Cms 20150505 - Cross-Site Request Forgery via admin.php Config Endpoint
CVSS 6.5
CVE-2018-16314
HIGH
idreamsoft iCMS 7.0.11 - Cross-Site Request Forgery via Referer Header Bypass
CVSS 8.8
CVE-2018-11718
HIGH
Xovis PC2, PC2R, and PC3 Firmware < 3.6.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-15121
HIGH
Auth0 auth0-aspnet and auth0-aspnet-owin - Cross-Site Request Forgery via Unvalidated OAuth State Parameter
CVSS 8.8
CVE-2018-15901
HIGH
e107 2.1.8 - Cross-Site Request Forgery in usersettings.php
CVSS 8.8
CVE-2018-15884
HIGH
RICOH MP C4504ex Firmware - HTML Injection via entryNameIn Parameter
CVSS 8.8
CVE-2018-15851
HIGH
Flexo CMS 0.1.6 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-15850
HIGH
Redaxo Cms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-15849
MEDIUM
portfolioCMS 1.0.5 - Cross-Site Request Forgery via admin/aboutus.php
CVSS 4.3
CVE-2018-15848
HIGH
portfolioCMS 1.0.5 - Cross-Site Request Forgery via New Page Creation
CVSS 8.8
CVE-2018-15846
HIGH
fledrCMS < 2014-02-03 - Cross-Site Request Forgery via Password Change
CVSS 8.8
CVE-2018-15845
HIGH
Gleez CMS 1.2.0 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-15844
HIGH
DamiCMS 6.0.0 - Cross-Site Request Forgery via Admin Password Change
CVSS 8.8
CVE-2018-11502
MEDIUM
Moderator Log Notes 1.1 - Cross-Site Request Forgery
CVSS 6.5
Details
Vulnerabilities
9,379
Exploit Likelihood
Medium