CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-16416 HIGH
FUEL CMS 1.4 - Cross-Site Request Forgery in my_profile/edit Endpoint
CVSS 8.8
CVE-2018-16387 HIGH
Elefantcms < 2.0.5 - CSRF
CVSS 8.8
CVE-2018-16380 HIGH
Ogma CMS 0.4 Beta - Cross-Site Request Forgery in User Creation
CVSS 8.8
CVE-2018-16366 HIGH
idreamsoft iCMS V7.0.10 - Cross-Site Request Forgery in admincp.php
CVSS 8.8
CVE-2018-16365 HIGH
idreamsoft iCMS V7.0.10 - Cross-Site Request Forgery in admincp.php
CVSS 8.8
CVE-2018-16345 HIGH
EasyCMS 1.5 - Cross-Site Request Forgery via Admin Password Update
CVSS 8.8
CVE-2018-16339 HIGH
EmpireCMS 7.0 - Cross-Site Request Forgery via AddUser.php
CVSS 8.8
CVE-2018-16338 HIGH
AuraCMS 2.3 - Cross-Site Request Forgery via Admin Password Change
CVSS 8.8
CVE-2018-16337 MEDIUM
Cscms V4.1.8 - Cross-Site Request Forgery via Admin Setting Save
CVSS 6.5
CVE-2018-16332 HIGH
iCMS 7.0.9 - Cross-Site Request Forgery in admincp.php Article Update
CVSS 8.8
CVE-2018-16331 HIGH
DamiCMS 6.0.0 - Cross-Site Request Forgery via Admin Password Change
CVSS 8.8
CVE-2018-16315 MEDIUM
waimai Super Cms 20150505 - Cross-Site Request Forgery via admin.php Config Endpoint
CVSS 6.5
CVE-2018-16314 HIGH
idreamsoft iCMS 7.0.11 - Cross-Site Request Forgery via Referer Header Bypass
CVSS 8.8
CVE-2018-11718 HIGH
Xovis PC2, PC2R, and PC3 Firmware < 3.6.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-15121 HIGH
Auth0 auth0-aspnet and auth0-aspnet-owin - Cross-Site Request Forgery via Unvalidated OAuth State Parameter
CVSS 8.8
CVE-2018-15901 HIGH
e107 2.1.8 - Cross-Site Request Forgery in usersettings.php
CVSS 8.8
CVE-2018-15884 HIGH
RICOH MP C4504ex Firmware - HTML Injection via entryNameIn Parameter
CVSS 8.8
CVE-2018-15851 HIGH
Flexo CMS 0.1.6 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-15850 HIGH
Redaxo Cms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-15849 MEDIUM
portfolioCMS 1.0.5 - Cross-Site Request Forgery via admin/aboutus.php
CVSS 4.3
CVE-2018-15848 HIGH
portfolioCMS 1.0.5 - Cross-Site Request Forgery via New Page Creation
CVSS 8.8
CVE-2018-15846 HIGH
fledrCMS < 2014-02-03 - Cross-Site Request Forgery via Password Change
CVSS 8.8
CVE-2018-15845 HIGH
Gleez CMS 1.2.0 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-15844 HIGH
DamiCMS 6.0.0 - Cross-Site Request Forgery via Admin Password Change
CVSS 8.8
CVE-2018-11502 MEDIUM
Moderator Log Notes 1.1 - Cross-Site Request Forgery
CVSS 6.5
Details
Vulnerabilities 9,379
Exploit Likelihood Medium