CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-10884 HIGH
Ansible Tower 3.1.0-3.1.8 - Cross-Site Request Forgery in awx/api/authentication.py
CVSS 8.8
CVE-2018-15569 MEDIUM
my_little_forum 2.4.12 - Cross-Site Request Forgery for User Deletion
CVSS 6.5
CVE-2018-15568 HIGH
tp5cms < 2017-05-25 - Cross-Site Request Forgery via admin.php/category/delete.html
CVSS 8.8
CVE-2018-15565 HIGH
simple-cms < 2014-03-11 - Unauthenticated Cross-Site Request Forgery via admin/addpage.php
CVSS 8.8
CVE-2018-15564 HIGH
simple-cms < 2014-03-11 - Cross-Site Request Forgery via admin/?delpage Parameter
CVSS 8.8
CVE-2018-14057 HIGH
pimcore < 5.3.0 - Cross-Site Request Forgery via Missing CSRF Token Validation
CVSS 8.8
CVE-2018-1712 HIGH
IBM API Connect 5.0.0.0-5.0.8.3 - Server-Side Request Forgery
CVSS 8.6
CVE-2018-1455 MEDIUM
IBM Tivoli Application Dependency Discovery Manager <7.3 - CSRF
CVSS 4.3
CVE-2018-13394 MEDIUM
Atlassian Questions for Confluence < 2.6.6 - Cross-Site Request Forgery via acceptAnswer Resource
CVSS 6.5
CVE-2018-13393 MEDIUM
Atlassian Questions for Confluence < 2.6.6 - Cross-Site Request Forgery via convertCommentToAnswer
CVSS 6.5
CVE-2018-2442 HIGH
SAP BusinessObjects Business Intelligence 4.0-4.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-7097 HIGH
HP 3PAR Service Provider < SP-4.4.0.GA-110(MU7) - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-14783 HIGH
NetComm Wireless G LTE Light Industrial M2M Router - CSRF
CVSS 8.8
CVE-2018-15187 HIGH
PHP Scripts Mall advanced-real-estate-script 4.0.9 - CSRF
CVSS 8.0
CVE-2018-15186 HIGH
PHP Scripts Mall Chartered Accountant - Auditor Website 2.0.1 - CSRF
CVSS 8.8
CVE-2018-15203 MEDIUM
ignitedcms < 2017-02-19 - Cross-Site Request Forgery via Page Addition
CVSS 6.5
CVE-2018-15202 MEDIUM
Juunan06 eCommerce <2018-08-05 - CSRF
CVSS 6.3
CVE-2018-15198 HIGH
OneThink 1.1 - Cross-Site Request Forgery in User Add Endpoint
CVSS 8.8
CVE-2018-15197 HIGH
OneThink 1.1 - Cross-Site Request Forgery in Admin Group Assignment
CVSS 8.8
CVE-2018-15193 HIGH
Gogs through 0.11.53 - Cross-Site Request Forgery in Admin Panel
CVSS 8.8
CVE-2018-15177 HIGH
Gxlcms 2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-7060 HIGH
Aruba ClearPass 6.6.0-6.6.8 and 6.7.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-14978 HIGH
QCMS 3.0.1 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-14966 HIGH
EMLsoft 5.4.5 - Cross-Site Request Forgery via User Addition
CVSS 8.8
CVE-2018-14965 HIGH
EMLsoft 5.4.5 - Cross-Site Request Forgery via eml/upload/eml/ Endpoint
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium